Skip to main content

So, passwords are weak. What’s replacing them?

The Google study on passwords we reported this morning served up a familiar tale in which the security-conscious are now very well versed. Passwords are weak.

Even those cArEFu11y C0nc0ct3d alpha-numerical codes once seen as near-flawless can be easily cracked by the well-trained hacker, as shown by a recent experiment where one pro deciphered an incredible 14,734 complex passwords in under a day.

So what’s the security industry doing about this? A consensus is emerging that traditional password systems are dying off, and will soon be unfit for purpose – if they aren’t already. The use of fingerprint scanning and ‘electronic tattoos’ on a universal scale may still be a fair way off, but expect picture-based security systems to step up as a common replacement in the very near future.

Microsoft grabbed attention by introducing the Picture Passwords feature on Windows 8, where the user points to areas of a familiar image in a specific order to gain access to their device. Emerging companies like PixelPin, who were recently listed in Mashable’s top 25 UK startups, are looking to take the pictorial theme further and provide a cross-platform authentication system for web pages, mobile devices and more.

PixelPin co-founder Geoff Anderson told ITProPortal that the modern tech landscape is becoming increasingly incompatible with passwords. Hackers can crack them, and users can’t remember them.

“A few years ago when we only had one device - our PC - and only logged into a few websites a day, passwords worked pretty well. Now we are using 2 to 3 devices, logging into multiple websites and are being forced into longer and more complex passwords. We as users cannot cope anymore.”

Major companies like Facebook, Twitter, Evernote and LinkedIn have reacted to the single password’s decaying strength by introducing two-factor authentication systems, but Anderson believes more user-friendly solutions are needed.

“We all need to authenticate ourselves to use web services securely, but the industry response has been to add more steps, such as two factor logins with tokens, text messages with codes etc. Users want something simple or they will not use it, so we are just beginning to see more innovative solutions emerging that require a change in user behaviour and thinking. These solutions will ultimately replace passwords, which will be consigned to history.”

With PixelPin and its peers coining the Twitter hashtag ‘#KillThePassword’ and signing up to the online Petition Against Passwords, factions within IT security seem determined to throw traditional passwords onto the scrapheap. Check out PixelPin’s work-in-progress alternative in the video below.

Top image: Flickr (marc falardeau)