Are Passwords Obsolete?

Catherine Smola, President & CEO | Canadian Underwriter insBlogs

How many times per day do you use a password? Between online banking, email, mobile devices, online shopping and social media, that number could easily be in the dozens. Despite the importance of passwords in an electronic world, however, most people – over 55% in a 2013 study – use the identical password for most if not all of their varied accounts.

One Password, One Big Risk

This habit presents an enormous risk, because even if the password itself is difficult to crack, it functions as a master key to your online life. This is especially true when paired with your username, which is also likely to be identical across multiple accounts. A breach of security anywhere, even an online bookstore, could grant a hacker access to everything from Facebook to your credit cards and leave you open to fraud and perhaps even identity theft.

The basic tenets of digital security (use long, complex passwords, and change them often) are sound in theory, but given the sheer number of accounts we need to access daily, there is simply a limit on how many passwords any one person can reasonably expect to remember.

A common solution is to use a password manager, a program that manages and stores every password you create. It reduces the number of passwords you’re required to remember down to just one: your password for the manager itself. With that in place, you may create strong, unique passwords for everything else. A breach on one account is insulated from the rest of your electronic life – so long as the manager itself remains secure.

While passwords can be managed and kept safe, as technology continues to advance it is worth asking ourselves:

Are Passwords Obsolete?

While we commonly think of passwords as a means of controlling access, in reality their purpose is to verify identity. As a technology, passwords are little more than pressing buttons in sequence on a keypad – anyone can learn that sequence and act with your authority. Biometrics, on the other hand, is a sophisticated and growing field that uses unique, difficult-to-falsify biological markers to positively identify an individual.

NEXUS machines use retina scanners to identify travelers in Canadian airports.

NEXUS machineSuch technology is already in wide use. IBM introduced fingerprint readers on its ThinkPad laptops in 2004, and Apple made them a staple on its smartphones in 2013. Mobile devices running Google’s Android operating system can recognize faces, allowing users to unlock their phones and tablets with a glance. Even eye-scanning technology is a modern-day reality rather than the science fiction we imagine: the Canadian government trusts it enough to deploy in airports for passengers enrolled in the NEXUS Trusted Traveler Program, automating the procedure of identity verification and customs clearance.

And those examples don’t even include concepts such as voice recognition and heart rate identification, the latter of which can be worn as a wristband and has attracted the attention of a major Canadian bank.