The Death of Passwords - Where is information security and authentication headed?

The password has been a ubiquitous part of our daily lives ever since we signed up for our first AOL or Compuserve accounts and went online. It is also our least favorite aspect of our modern, connected lives. Are passwords still relevant for securing our information? Where is information security and authentication headed?

Fernando Corbató. Remember that name the next time you are prompted to enter your password to access your PC. Or your online bank account. Or your phone. Or the password manager vault you use to keep track of all of your other passwords. While not a household name, the technology Fernando Corbató devised, while working at the Massachusetts Institute of Technology to secure files on the Compatible Time-Sharing System (CTSS) in 1960, is the reason we have to keep track of so many passwords. Or, like many people do, recycle the same password for all of our online identities and risk being a victim of identity theft, or worse.

The slow death of passwords

It is hard to believe that a solution created nearly 60 years ago is still the primary method used to protect our identities and the digital assets they secure. Fortunately, there is a better way, and we are starting to experience what Gartner called the “third-wave” of authentication at the Identity and Access Summit in 2016. The first wave is the password, the second wave is the token used primarily as a secondary form of authentication (2FA, MFA), and the third-wave is what Gartner refers to as “recognition technologies.”

Collectively, recognition technologies include a mixture of mobile, PC, analytics, biometrics, and continuous authentication to provide an enhanced user experience and more resilience than legacy methods used today. By 2019, Gartner predicts that the use of the first and second wave technologies will fall to 55 percent as the introduction of recognition technologies increases.

Moving towards password-free authentication

Companies that have not yet deployed a second-wave solution utilizing tokens should consider going straight to third-wave recognition technologies. Those already using tokens or other methods for two-factor authentication should begin thinking about incorporating recognition technologies into their authentication and security landscape.

Want to learn more about the changing security and password landscape? Check out our upcoming webinar presented by Frank Urena on July 26th.

Frank Urena is a Principal Architect with Oxford Computer Group, specializing in identity and access management and security issues. You can follow him on Twitter @furena.