Can we really kill the password?
Why it is so hard.
Understanding the basics of identity security isn’t nearly as difficult as some experts want us to believe. The programming can be complex, and the layers of encryption and the length of the digital strings can be enormous, but the fundamentals are not.
Who are you? What is your proof? In the military on guard duty: “Who goes there?”
“What’s the password?”
“Fe Fi Fo Fum.”
“OK – Pass.”
That is it.
But if the password is so simple why can’t it be eliminated?
Online identity verification works exactly like showing your ID to get a drink in a bar. In some cases two forms of ID are required. On the internet, where we use machines to do the verification, we use the same two forms, or two factors, as we would in the military or at a bank. The difference is simply that there is a computer interface in one case and not in the other.
Consider that all contemporary systems of authentication are simply matching stored information with submitted information. The username and password submitted must match the username and password stored. The fact that a retinal, voice or fingerprint scanner will make the password more complex and harder to replicate does not change the system.
The password works best in a highly controlled environment or one requiring physical access or presence. There is a difference between unlocking your house, phone, desktop and accessing a website. The tools best suited to each are different because the situation is different.
The largest challenge to eliminating the password is not the technology. It is people and their thinking.
BPID is on a mission to eliminate the password in 2016. Our asymmetrical data system makes eliminating the password possible without compromising security or convenience. To stay aware of our progress, please join us by signing up for our news.
People want security, but they also want convenience. Reliability is perhaps less critical until people are denied access to their account by a false negative; then reliability pops up to number one.
People’s habits, beliefs and economic interests remain the hurdle that is so difficult to pass. If people do not believe the password can be eliminated, then it is more difficult to change their beliefs and introduce new ideas.
Corporations and industries are working hard to ‘eliminate’ the password, or so they say. Biometrics, dongles and patterns are being offered. But exchanging one form of stored token for another is changing the token, not the system. The two things that must change before we can eliminate the password are the technology of the password and people’s beliefs. Eliminating the password is easier than changing people’s beliefs about it.
The real question, the unifying theory of cyber security, is why don’t we just eliminate the password altogether? The password is the weakest link.
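The stored-versus-submitted matching described above, and the point that a biometric changes the token rather than the system, shown as an added Python sketch (not BPID's or the author's code). The template value, distance tolerance and PBKDF2 work factor are constructed assumptions; the noisy scan shows the false negative mentioned earlier.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumed work factor for this sketch


def enroll_password(password: str) -> dict:
    """Store a salted, slow hash of the secret, never the secret itself."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "digest": digest}


def verify_password(record: dict, submitted: str) -> bool:
    """Exact match: recompute from the submitted value, compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", submitted.encode(), record["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, record["digest"])


def flip_bits(template: int, positions) -> int:
    """Simulate sensor noise by flipping the given bit positions."""
    for p in positions:
        template ^= 1 << p
    return template


def verify_template(stored: int, submitted: int, max_distance: int) -> bool:
    """Fuzzy match: accept when the Hamming distance to the stored template is small."""
    return bin(stored ^ submitted).count("1") <= max_distance


# Constructed sample data (not from the article).
STORED_TEMPLATE = 0x5A3C_96E1_0F77_B24D  # enrolled 64-bit "biometric" template
MAX_DISTANCE = 6                         # assumed tolerance in bits


def demo() -> dict:
    record = enroll_password("Fe Fi Fo Fum")
    clean_scan = flip_bits(STORED_TEMPLATE, [1, 17, 40])      # 3 bits of noise
    noisy_scan = flip_bits(STORED_TEMPLATE, range(0, 63, 7))  # 9 bits of noise
    return {
        "password_ok": verify_password(record, "Fe Fi Fo Fum"),
        "password_wrong": verify_password(record, "Fe Fi Fo Fun"),
        "scan_ok": verify_template(STORED_TEMPLATE, clean_scan, MAX_DISTANCE),
        "scan_false_negative":
            not verify_template(STORED_TEMPLATE, noisy_scan, MAX_DISTANCE),
    }


if __name__ == "__main__":
    print(demo())
```

Both verifiers compare a submitted value against a stored reference; the biometric one only swaps exact equality for a distance threshold, which is where false negatives come from.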
Coming soon… BPID password-free authentication.
Paul Swengler is the CEO and principal of Bulletproof ID, a password-free login. He can be reached through www.bpidsecurity.com and can be found on Twitter @bpids