Innovations – The End of Passwords

Welcome to Friday Faithfuls, the new Mindlovemisery’s Menagerie Challenge.  I decided to help Yves out with this new challenge which will be about good news, innovation, gratitude, inspiring quotes, everyday heroes, nature, manifestation, miracles, random acts of kindness etc.  The objective of this prompt is to help restore our faith in humanity.  The Greek storyteller Aesop wrote the fable The Four Oxen and the Lion which teaches us that united we stand and divided we fall, so we should all stick together because humans can be good people when they are willing to help others who are in need.  Malicious hackers are not good people, as they are trying to screw everyone over, because they lack ethics.  They enjoy violating laws and utilizing malware to scam people and steal our information, because they are too lazy to get a real job.  These cyber criminals are the scum of the earth, and we must take care to protect ourselves from their dastardly deeds.

In order to exist in the modern world, we need to have passwords to obtain extra security as they are required for social media accounts, online banking, medical records, and online shopping, so you can prove your identity, or authorize access to a resource.  It is thought that the average person has 27 discrete online logins.  For decades, we’ve needed passwords to do things online.  In the early 1960s, American computer scientist and MIT professor Fernando Corbató (1926-2019) was developing a new kind of shared computer system and wanted a way for people to be able to protect their private files from others when they were working on the same machine.  His solution was a password.  Over the years, Corbató’s fix won out over other means of authentication, and this became the standard way that we log on to pretty much everything, everywhere.

Passwords are inherently insecure, as they can be stolen, guessed, or brute-forced, and the problem is made worse because people tend to use bad ones and then reuse them.  Technology is always changing, and over time people will rely less and less on passwords, because they just don’t meet the challenge for anything that needs to be secure.  I had my email account stolen, and the Nigerian hacker, pretending to be me, asked all of my contacts to send him money, which was really embarrassing.  I had that email address for over 25 years, and I had to give it up and get a new one, which I was not happy about.

Today we have password managers, which are programs that allow users to generate, store and manage credentials for both local services and online services.  They help with creating and retrieving strong credentials, which are either stored in an encrypted database or calculated by software packages that can be installed remotely.  Your information is saved in an encrypted file that you unlock with your master passphrase.  Password managers like Keeper, NordPass, RoboForm, Dashlane and 1Password can track all those various alphanumerics for you and even replace the weak ones.  But password management is a half measure when it comes to security.  The real action is in eliminating passwords altogether.

New forms of authentication will finally let us get rid of passwords for good.  When I got my new Android phone, it asked me if I wanted to use a PIN or a biometric retinal scan as a login.  I went with the PIN, but maybe the next time I will try something more modern.  Biometrics are unique, but they can also be hacked.  Just about any system can be broken into if enough effort is put into it; where there is a will, there is a way.  Modern AI algorithms can be used to generate fingerprints, which can deceive fingerprint scanners.  A biometric scan is easier, as you don’t have to remember your face, and biometrics tend to be more secure.

Enterprise-oriented companies like Okta and Duo, as well as personal identity providers like Google, offer ways for people to log in to apps and services without having to enter a password.  Apple’s facial recognition system has gone mainstream.  Most notably, Microsoft announced in March 2021 that some of its customers could go completely passwordless, and it followed up in September by telling people to delete their passwords altogether.  In the future, you will go to log in to a site or fire up an app, and instead of being asked to enter a password you will get a prompt to enter a six-digit code from your authenticator app, tap a notification on your phone, or click a link sent to your email, or maybe you will just need to raise your phone to your face.  There will be no more typing in a bunch of characters and symbols you have to recall, write down, or store in a database.

You can respond to this prompt by telling a story about when you got hacked, or when you forgot your password, or what you think about passwords in general.

28 thoughts on “Innovations – The End of Passwords”

  1. I have written my passwords in a paper and have kept it safe 🙂 In spite of being careful yesterday instead of Log in password for net banking I typed in transaction password and was locked out after three tries. Then I realized my mistake and fortunately unlocked without any problem 🙂

  2. I am very glad to see you helping Yves with this. My attempt at the Music Challenge on Fridays was a failure (obviously). I have a dozen excuses why, but am excited there is something filling the spot, especially something emphasizing gratitude and information.

    For myself I have a hard bound booklet with a lot of pages (it’s alphabetized too, but who is that organized? Not me). I have learned the prudence of writing my passwords in it. Especially as the rules of the password have changed so much. I suppose that’s due to the hackers getting more sophisticated, but gad, what a pain in the rear.

    I have the illusion that the common passwords I gravitate toward are too difficult for the average hacker because of my love of Old English words and how I see ‘patterns’ in things. None of that information is a clue in case there’s some dodo out there in the dark thinking “AHA! I’ve got her now!” One of my passwords is truly unguessable, so there’d have to be brute force employed if someone really wanted to know. The book is in a secure place where not just anyone will find it.

    The bright spot (as that’s the POINT of this prompt, isn’t it?) is that by making the password ‘rules’ so difficult, the financial institutions and sites we might visit regularly are keeping us as safe as possible. Well most of the time
    😏🤐😒😕

    Great prompt idea Jim! I’ll be sure to visit each Friday (or is it every other week?) to participate!

    1. I thought I had writing privileges on MM, but I guess they were revoked, and it seems like there is something that is preventing me from writing on that site, so this may be the only post that I write.

  3. I’m not going to share how I recall all my passwords, or the patterns I use to keep them all in my head. If my brain goes, then no one can get into any of my things, can they? Oh, except the people I rent/subscribe to, in fact anywhere I need to log on to do ‘stuff’. They can do anything to anyone’s account at any time, so what is the value of passwords if the invisible being behind the wall owns/sees all?

      1. Even reputable sites get hacked. Even the password wallets get hacked. The only safe place is in my head, but I only need passwords to access all the necessary things in life, ‘cos all the institutions want you to ‘do it online’.

  4. I haven’t messed with a retinal scan but I’ve supported fingerprint scans…they can give a lot of trouble with people. My fingerprints, at least some are gone because of playing guitar and some people have troubles because of that….but I would like to try the retina scans. That should be more steady.

  5. Fandango sent me here (I’ve commented there with my thoughts, and don’t wish to repeat myself.)

    Since you invite comments about passwords in general, I have some additional thoughts to offer:
    1. Not long ago I came across ‘Firefox Relay’, which enables one to disguise one’s email address; it’s an extra layer of protection that, were you to use it now, would help protect your email address from that Nigerian hacker who abused your identity once before.
    2. I would strongly urge anyone using passwords to access sensitive content to use ‘2FA’ (two-factor authentication) where it’s available. I’m really surprised that so many online bank systems still don’t offer this facility.
    3. On a kind-of-related issue, here’s a link to a wibblette of mine from some years back about an idea I came up with for memorising PINs on credit and debit cards using pattern recognition rather than remembering the numbers: it’s called ‘Pinning down the PINS’.

  6. I hope we can get it sorted with the author situation soon. Thank you so much for helping out, it is greatly appreciated. I am forever forgetting my passwords and having to change them and because I have to change them so often it is even harder to remember them. I also forget pin codes. Recently I have had some issues with unintentional weight loss so I walked into town to treat myself to pizza. As I was trying to pay I forgot my pin code so I had to ask the restaurant if I could go home to retrieve the number and come back and then pay which they allowed thankfully but after walking 12 km for the meal I am pretty sure I lost all those extra calories!

  7. I am using KeePass as my password manager and so far my experience is good. Any of the password managers are good to have instead of not to have…
