Passwords stink. Is there a replacement?

Although MIT developed the first computer password in 1961, it's a technology that can be traced back far earlier.  After a quick Internet search, I discovered that the use of passwords dates back to the Spartan military in 700 BC.  So much for progress. One would think that after 2,700+ years we would have come up with a better way of doing things. Are there other possible options?

While the technology has changed since MIT's work in 1961, the concept remains the same: a complex password of the right length, changed frequently, will provide a reasonable level of security. However, after conducting an informal survey of peers and contacts, I was shocked to see the average person is dealing with and managing over 200 passwords (some had over 300!) because we need a password for just about everything -- from banking to benefits, social networking to photo sharing, news and travel, shopping and entertainment, to online thermostats and garage door openers (very cool by the way).

The complexity of managing so many passwords has created the need for password managers, and there are many to choose from: cloud-based versions, offline versions, and options to view the data on every type of device.  They provide a reasonable level of security, but again, anything can be hacked, so this is really just an interim fix.  I've also found the use of password managers is a very opinionated and emotional topic.  Those I spoke with are either big fans or huge opponents. 

Is biometrics an option? Apple made headlines with its recent release of the iPhone 5s, including a new kind of fingerprint scanner they are calling Touch ID. I won't go into the details as many others have; however, I will point out that this is nothing new. Back in 2004, IBM introduced a fingerprint reader built into the ThinkPad T42. I remember how excited I was to see it and use it at the time, but I don't remember using it since. As I look at the notebook computer I'm writing this blog on, I see that the same fingerprint scanner is built in and yet I've not used it until now. After re-enabling the software, it seems to work fine. It scanned my fingers and I was able to log in. I discovered that not much has changed since 2004. So why don't I use it? Well, because without a lot of other technology enabled, working, and synchronizing, it's not secure and doesn't meet the corporate standards of an acceptable solution. But to lock your children out from purchasing music, it's perfect!

Dual-factor authentication is a good answer to the problem. As with an ATM card, the concept of something you have (the card) and something you know (the PIN number) provides the best combination of security and ease-of-use. While a number of online services (such as Facebook) have enabled this capability if a user opts for it, I can only guess most people don't utilize it because it's another step.

Over the years, some companies have tried to create a single password that works across all services.  It has never caught on, most likely due to a lack of trust.  To me, having a single password is the perfect solution.  One place to sign up, one username and password (or a biometric combination), and it works everywhere.  All web sites and computer hardware would connect and authenticate to it.  I'm guessing, however, that's not going to happen very soon since it would require the cooperation of most companies who aren't motivated to work together on this.

I'd love to see all of these technologies combined: I sit down at a PC and it auto-detects the smartphone in my pocket. The smartphone prompts me to scan my finger with the built-in scanner, and after I do, I am securely logged into the PC. Sounds like a dream.

I'll continue to wait patiently.  How about you?

This article is published as part of the IDG Contributor Network.