Who wants to get rid of the passwords?

Ubiquitous in our hyper-connected world, passwords guarantee the security of our personal information online. While they tend to be forgotten on a daily basis, they come back to the forefront with each new mass hack. Put in the dock each time, they are regularly declared doomed by new technologies, biometrics foremost among them. Yet passwords remain the reference standard for online identification, and they are not about to disappear. Here's why.

The human remains the weakest link

Passwords are often the cause of a hack and are often not secure enough. That said, even if the password does not provide the highest level of security, its biggest weakness lies not in its technology but in the behaviour of those who use it.
There are some basic rules for using passwords properly. For this system to be effective, it is imperative that you use a different password for each account, and that no password is too easy to guess. Unfortunately, every year the rankings show us that the most frequently used passwords are still far too simple, such as "123456" or "password", and are therefore also, quite logically, the most hacked. Studies on the subject also confirm that the majority of Internet users use the same password for several (if not all) accounts, which allows a hacker to access several accounts as soon as one password has been found. It is wrong to believe that the most common means of attack for hackers is to guess passwords. In a world where billions of passwords are on sale on the Dark Web, there is no need to guess: it is enough to steal them or buy them for a few cents.
Knowing that an Internet user has an average of 100 accounts online, it seems logical to rely on technology to easily manage this multitude of complex passwords. The tools already exist, but they still need to be used.

A de facto standard

If the password has established itself for decades as a "de facto standard", it is not by chance. To succeed in substituting one standard for another, you have to offer more than the first one did. The password system already offers a lot: it is a low-cost, non-patented, easily modifiable technology that can be used anonymously.
To replace this technology, which has become a de facto standard, other technologies must provide a better, safer and more practical solution to more than offset the costs of change.

What alternatives?

We can identify three main types of solutions often presented as credible alternatives to passwords. Let us review them.

SSO, limited by competition, and impossible to secure

The first solution is Single Sign On (SSO) technology. With an SSO solution, you only need to log in once to a service, generally offered by one of the major Internet players (Apple, Google, Facebook...), to then be able to access, without any further identification steps, a multitude of other sites that trust the first authentication. Very practical on paper, this system faces a major problem that blocks its expansion: none of these giants will give one of its competitors access to its customers' data. Apple is not about to allow Facebook to come and collect its customers' emails and passwords to authenticate them.
But more importantly, an SSO is based on the idea of a single access key for dozens or hundreds of accounts. If an SSO is compromised, all accounts accessible through that SSO are compromised at once. For a long time it was believed that the means and technology of the major Internet players protected them from this risk. But in the last 6 months of 2018, the SSO systems of Facebook and Google were compromised and the keys of millions of users were exposed to sophisticated and determined hackers.

Strong Authentication, a solution for professionals

Also presented as the future gravedigger of passwords, two-factor authentication (2FA) is based on the association of a factor you know, your credit card code for example (a password in reality), and a second factor you have, such as your credit card. You must have access to both at the same time to be able to authenticate yourself, which complicates the hackers' task.
While this solution provides a higher level of security, the biggest obstacle to its development is that it involves a complexity that the general public is not prepared to accept. Why should you have to buy a smart card reader or a dedicated USB key if it only slows down the process of connecting to websites? Another disadvantage compared to passwords is that it cannot be used anonymously. Finally, strong authentication does not replace the password; it is added to it.

Biometrics: dreams and reality

In its various forms, the media's darling is undeniably biometrics. Fingerprint, facial, retinal or voice recognition, right down to pills for the most fanciful innovations: biometrics is presented to us as the perfect solution. Unfortunately, behind this promising veneer, biometrics actually has very little chance of replacing passwords. On the one hand, deployment costs are still far too high, although they are falling as the technology becomes more widely available, for example on our phones. Neither sites nor individuals are ready to equip themselves. And equip themselves with what? A fingerprint reader, an iris reader, a face reader?
On the other hand, biometrics does not offer all the services offered by the current system: it is impossible to use it anonymously, and above all it is impossible to change one's fingerprint as one can change a simple password. This is not hypothetical: we know that hackers are already capable of reproducing fingerprints and voices to deceive authentication systems. Cybercriminals have already caught up with biometrics, except at a high level of sophistication that is still reserved for restricted uses.
That's why the password is now the norm... and is not about to be replaced, no matter what the merchants say. A parallel can be drawn with the AZERTY keyboard, developed in 1847 based on the position of the keys on the first typewriters, which is still used even on our smartphones, which do not have a physical keyboard.
Knowing this, it is worthwhile for Internet users to learn how to better manage their passwords in order to protect their precious personal data, which is more than ever scattered across each of their accounts on the Internet.
Emmanuel Schalit, CEO of Dashlane
