Granted, passwords have been around for a long time, and a great many vulnerabilities and techniques for stealing and cracking them have surfaced. Yet passwords continue to thrive in the free market.
This short article takes a closer look at the underpinnings of this state of affairs and at how we can move to a better and more secure cyber world.
For this, let us look at the stakeholders in this broken technology.
C-level and administrators: Passwords are yummy for them because, when their servers are hacked, they serve as a proverbial fig leaf for their naked servers. They can always claim: "We suspect a compromise of our authentication (password) database; however, all the passwords were hashed (a hash being a one-way function, popularly believed to make recovering the plain passwords impossible); we recommend our users change their passwords immediately." Done! In practice that reassurance is only as good as the hashing scheme: a fast, unsalted hash such as MD5 or SHA-256 falls to a wordlist in minutes, and only a salted, deliberately slow password hash (bcrypt, scrypt, Argon2, or PBKDF2 with a high iteration count) makes the claim meaningful.
By the way, this does not take into account that an advanced persistent threat could still be lurking in the environment and might silently grab the newly changed passwords too.
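To make the "all the passwords were hashed" claim concrete, here is an added example (not code from the original article). It builds a constructed "leaked" table of unsalted SHA-256 hashes, recovers the weak passwords with a tiny constructed wordlist, and then shows the storage scheme that would have made the fig leaf real: a per-user random salt and a slow key-derivation function. PBKDF2-HMAC-SHA256 is used because it ships with Python's hashlib everywhere; Argon2id or scrypt are preferable where available. The usernames, passwords and iteration count are assumptions for illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional

# Constructed sample of what a "hashed" password table looks like when the
# application used plain, unsalted SHA-256 (assumption for illustration,
# not a description of any real breach).
LEAKED_TABLE: Dict[str, str] = {
    "alice": hashlib.sha256(b"Summer2019").hexdigest(),
    "bob":   hashlib.sha256(b"Summer2019").hexdigest(),   # same hash: reuse is visible
    "carol": hashlib.sha256(b"correct horse battery staple").hexdigest(),
}

# Tiny constructed wordlist standing in for a rockyou-style list.
WORDLIST: List[str] = ["123456", "password", "Summer2019", "letmein"]


def crack_unsalted_sha256(table: Dict[str, str], wordlist: List[str]) -> Dict[str, str]:
    """Dictionary attack against unsalted hashes.

    One SHA-256 per candidate recovers every user who chose that candidate,
    because without a salt identical passwords produce identical hashes.
    """
    lookup = {hashlib.sha256(w.encode()).hexdigest(): w for w in wordlist}
    return {user: lookup[h] for user, h in table.items() if h in lookup}


# Hardened storage: per-user random salt plus a deliberately slow KDF.
# 600,000 iterations is an assumed work factor; tune it to the hardware.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iterations; compare in constant time."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    print("cracked:", crack_unsalted_sha256(LEAKED_TABLE, WORDLIST))
    record = hash_password("Summer2019")
    print("stored :", record)
    print("verify :", verify_password("Summer2019", record))
```

Note that the wordlist attack costs one hash per candidate for the whole table, whereas with a per-user salt every candidate has to be rehashed for every user, and with a slow KDF each of those attempts costs hundreds of thousands of hash operations.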
And yes, despite several well-known attacks on the user end using techniques as simple as phishing and key-logging, we continue to rely on passwords.
Users: Passwords are yummy for them because they can always come up with an obscure combination of their spouse's middle name, the first names of their kids and their dates of birth as part of a "super duper" password. It gets them emotionally attached to such passwords. Unfortunately, no amount of obscurity helps against a keylogger or a phishing page, which capture the password exactly as it is typed.
Hackers: Passwords are yummy because they are ready to use. Moreover, the victim may have used the same password across several sites, so one stolen credential can be replayed against all of them (credential stuffing). Bonanza!
Developers (app): Passwords are yummy because they can be embedded as static strings in the code or configuration used to invoke their APIs. Limited-time tokens (the equivalent of password strings, but expiring) are still a pain to deal with: they have to be cached, refreshed before they expire, and thrown away when the API rejects them.
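The "pain" with limited-time tokens is mostly bookkeeping. As an added example (not code from the original article), here is a small token provider that caches a short-lived token, refreshes it shortly before expiry, and can be invalidated when an API answers 401. The token issuer and the clock are injectable callables; the `issue` function is assumed to wrap whatever the real API uses (an OAuth client-credentials call, for instance), and the 30-second skew and 300-second lifetime are assumptions for illustration.

```python
import time
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class Token:
    value: str
    expires_at: float   # Unix time at which the issuer says the token is dead


class TokenProvider:
    """Cache a short-lived token and refresh it before it expires.

    `issue`  : callable returning a fresh Token (assumed: wraps the real API).
    `skew`   : seconds before expiry at which we refresh, to absorb clock
               drift and request latency.
    `clock`  : injectable time source so expiry can be tested without sleeping.
    """

    def __init__(self, issue: Callable[[], Token], skew_seconds: float = 30.0,
                 clock: Callable[[], float] = time.time) -> None:
        self._issue = issue
        self._skew = skew_seconds
        self._clock = clock
        self._token: Optional[Token] = None
        self.issue_count = 0   # how many times we went back to the issuer

    def _needs_refresh(self) -> bool:
        if self._token is None:
            return True
        return self._clock() >= self._token.expires_at - self._skew

    def get(self) -> str:
        """Return a token that is valid for at least `skew` more seconds."""
        if self._needs_refresh():
            self._token = self._issue()
            self.issue_count += 1
        return self._token.value

    def invalidate(self) -> None:
        """Call on a 401: the token may have been revoked before its expiry."""
        self._token = None


def make_fake_issuer(clock: Callable[[], float], lifetime: float = 300.0):
    """Constructed stand-in for a real token endpoint: each call mints a new
    token value with a fixed lifetime measured on the injected clock."""
    counter = {"n": 0}

    def issue() -> Token:
        counter["n"] += 1
        return Token(value=f"tok-{counter['n']}", expires_at=clock() + lifetime)

    return issue


if __name__ == "__main__":
    now = {"t": 0.0}
    provider = TokenProvider(make_fake_issuer(lambda: now["t"]),
                             clock=lambda: now["t"])
    print(provider.get())        # tok-1, freshly issued
    now["t"] = 100.0
    print(provider.get())        # tok-1, still well inside its lifetime
    now["t"] = 271.0
    print(provider.get())        # tok-2, refreshed 29 s before expiry
```

Because the whole lifecycle sits in one object, the calling code never sees a token string that is about to expire, which is the property a hard-coded password gives for free and a short-lived token otherwise does not.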
So goes the eco-system…
What do we need here? For starters, a disposable, zero-footprint authentication scheme that preserves privacy and convenience (balancing risk against convenience), with MFA characteristics and single sign-on (SSO) capability, would mean goodbye, passwords!
Thanks for reading!