
Is it time to ditch the password for an alternative system?


Submitted by James Broom on Tue, 26/01/2016 - 16:09

Passwords have been around for as long as people have had computer systems and a lot of us have had to remember our fair share of them.

In recent years, many of us have been prompted to change our passwords on a regular basis and often to something more complex with special characters, capital letters and numbers to make it more secure. Having a complex password will certainly protect you from anyone guessing your password but can make it harder to remember too.

However, unless you’re being personally targeted, having a complex password may not matter if your details are leaked from a system you have an account with. If someone targets an entire company that you have trusted with your personal details, then whatever your password is, it will be leaked, and you’re then open to everyone who has that list unless you act on it quickly.

“Sadly, even though many people are now using a combination of letters and numbers, or substituting numbers for letters, passwords can’t protect your personal information or data,” said Brian Spector, chief executive of Miracl. “The IT industry needs to get over passwords. They don’t scale for users, they don’t protect the service itself and they are vulnerable to myriad attacks.”

It does beg the question: why are we still using passwords if they’re really not that secure anymore? Why haven’t we found a better alternative to passwords for authentication that’s been put into use? Alternative password systems have ranged from single-use passwords (that are only valid once) to visual passwords similar to the Android dot-to-dot authentication. Yet we still continue to rely on an age-old authentication system that is becoming less and less secure.

It seems everything else on the internet has evolved except for the password. Facebook does use a somewhat intuitive authentication service that pairs up with your mobile when logging into an unrecognised browser – a service that needs to be activated manually. Facebook will send an authorisation number to your mobile phone, which does expire and refresh after 30 seconds, and needs to be typed in to authorise yourself. While this is a good step in the right direction, relying on another device that could run out of battery or potentially become lost or stolen could prevent you from logging into systems and getting to your data.

IBM predicted in 2011 that passwords would become defunct by 2017 and many other industry experts are claiming that the password is dead, or it’s at least dying. Passwords may be failing us but there isn't much evidence to suggest this is happening anytime soon. It would take a market leader like Facebook or Apple to lead the charge in replacing the traditional password if it were to happen soon. One example of industry change is Apple's exclusion of Flash from its iOS devices, which caused a rapid decline in popularity for the format, which now looks to be on its way out. That is something we wouldn't have seen coming in 2005, when it was at its most popular, but it often takes a company like Apple to force through change.

So, will the password ever die? People don't always like change and the login page has become a common occurrence in our everyday lives, so if we ever did make a change, it would be a long process. The reason is that, despite its flaws, as long as you can remember your password, it's the simplest way of logging into systems and getting to your data. If you begin to over-complicate the login process then people won't be keen to make the switch anytime soon.

In the meantime, as long as your password isn’t as basic as these recently leaked 25 passwords, the traditional password system will have to do.