The advantages of a password as a way to protect information.
Over the years, I've been constantly bumping into 'Death of a Password' headlines. I still get PR emails from companies promising to 'make passwords out of date'. Countless times I've read about a new technology that will 'replace passwords'. They were all wrong. The truth is, passwords will be with us for a long time. Here are some reasons.
Passwords are either absolutely correct or completely wrong. 'Bsdo # du () q1' looks almost like 'Bsdo # du () 1', but to a computer these combinations are completely different. There is no margin of error, and no computer will mix them up. By comparison, biometric technologies such as fingerprint sensors, retinal scanners and typing-pattern analyzers always have to allow for a certain error, because biology does not lend itself to precise measurement. Voices, faces and lighting can change, and the biometric scanner must account for all of that. But if you obtain or reproduce the information closely enough to the original, you can bypass biometric identification, which has been demonstrated repeatedly. Reduce the margin of error and you get errors and frustrated users. Passwords don't have this problem.
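The contrast drawn above, as an added example that is not part of the original article: the password check either succeeds or fails, while a simulated tolerance-based matcher trades false rejects against false accepts as its threshold moves. The feature vectors, thresholds and function names are constructed for illustration and do not model any real sensor.

```python
import hashlib
import hmac
import math

ITERATIONS = 100_000

def enroll_password(password: str, salt: bytes) -> bytes:
    """Store only a salted, slow hash of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def verify_password(candidate: str, salt: bytes, stored: bytes) -> bool:
    """Exact match: one differing character gives an unrelated hash."""
    derived = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, ITERATIONS)
    return hmac.compare_digest(derived, stored)  # constant-time comparison

def biometric_match(template, reading, threshold: float) -> bool:
    """Tolerance match: accept any reading within `threshold` of the template."""
    return math.dist(template, reading) <= threshold

def error_rates(template, genuine, impostors, threshold: float):
    """Return (false_reject_rate, false_accept_rate) at one threshold."""
    rejected = sum(not biometric_match(template, g, threshold) for g in genuine)
    accepted = sum(biometric_match(template, i, threshold) for i in impostors)
    return rejected / len(genuine), accepted / len(impostors)

# Constructed sample data (hypothetical; not taken from any real sensor).
SALT = bytes(16)  # fixed so the example is reproducible; use os.urandom(16) in practice
STORED = enroll_password("Bsdo # du () q1", SALT)
TEMPLATE = (0.50, 0.20, 0.80)                         # enrolled feature vector
GENUINE = [(0.52, 0.21, 0.79), (0.45, 0.26, 0.84),    # same person, noisy readings
           (0.58, 0.12, 0.88), (0.50, 0.20, 0.81)]
IMPOSTORS = [(0.10, 0.90, 0.30), (0.56, 0.27, 0.74),  # other people; two are close
             (0.90, 0.60, 0.20), (0.44, 0.15, 0.86)]

if __name__ == "__main__":
    print(verify_password("Bsdo # du () q1", SALT, STORED))
    print(verify_password("Bsdo # du () 1", SALT, STORED))
    for t in (0.05, 0.10, 0.15):
        frr, far = error_rates(TEMPLATE, GENUINE, IMPOSTORS, t)
        print(f"threshold={t:.2f}  false rejects={frr:.2f}  false accepts={far:.2f}")
```

On this constructed data no threshold gives zero false rejects and zero false accepts at the same time, which is the trade-off the paragraph describes.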
Passwords are technology-agnostic and backward compatible
A password is a (relatively) short string of text. Every operating system of the past half century – Windows, Mac, Unix, Android, iOS, TRSDOS, BeOS, Symbian, AmigaOS – can work with passwords. But not all devices can recognize faces, read fingerprints, or analyze your motor skills. Not all devices have a USB port for connecting an ID token, and not every device can receive a timecode message. Adopting new authentication technologies comes at a cost, and there is no guarantee that they will be used everywhere in the future.
Passwords are free and disposable
If a password becomes known as a result of a data leak, you can simply replace it with a new one. But you have only 10 fingers and only two eyes. What do you do if your fingerprints are 'leaked' into the wrong hands? (This is what happened to government employees whose biometric information was stolen in a hack of the federal HR department.) Body parts are not easy to replace.
Passwords are easy to share
I understand that you should not do this, but people constantly send their passwords, often for quite plausible-sounding reasons. You can send them by e-mail (not a great idea), by SMS (also not very good), write them down on a piece of paper (better) or tell the recipient in person (ideal). A fingerprint or retinal scan cannot be passed along.
Passwords are anonymous
If you do not use unique personal information as your password, then no one will be able to track you by your password. By contrast, your voice, fingerprints, retina and other biometric data, like your smartphone itself, belong only to you, and all of them can be used to track a person.
A password is a secret
Or at least it should be. The same cannot be said of biometric identifiers. Your face appears in public almost every day. A fingerprint can be lifted from a wine glass. DNA can easily be obtained from hair that has fallen from your head. A USB token can be borrowed while its owner is sleeping. But (in theory) only you know the password.
Correct use of passwords
Problems with passwords arise only because they are used by people, who are lazy. We come up with passwords that are too short and too simple, and we use the same password for different sites, so a breach of one site's database can put several services at risk. But we can negate the human factor by using machines. We can use password managers that generate and use strong passwords for each account we have. Yes, a password manager can be the weakest link, but if you use several such solutions and split your accounts among them, nothing like this will happen.
We can use two-factor authentication, which today can be much more secure than a textual code. The second factor, for example, can be a randomly generated number from the corresponding application or a USB token that you keep on your keychain. Most of the time, additional authentication is not necessary; it is only required when you sign in to your account from a new device. Passwords won't go anywhere, just like us. We just need to use them more intelligently.
Original material by Paul Wegensale
To some this may seem paranoid, but such precautions have a rational basis. Until the thunder strikes, as they say. Two-factor authentication is more secure than biometric user identification. This does not mean that you need to give up the fingerprint. Again, if the device does not store critical information, then you can get by with it. But otherwise you need to think about additional protection mechanisms. The method described by the author is quite understandable and universal for everyone. A more advanced option is a dedicated application, for example the one I have already mentioned on the pages of the Cerberus website, which monitors the status of the device and allows you to remotely erase the gadget's memory, take a photo of the thief, and much more. A safety net, of course, but it won't be superfluous.
I do not think that passwords will disappear soon; for that, the market would have to be filled as much as possible with devices with various biometric scanners, which is not yet typical of the budget segment. The author is right: we need to think about whether we are using the available protection methods correctly. It is also useful to remember the basic rules, which are also mentioned in the material.