Password is a secret word or phrase that has to be entered in the given field to gain access or information. Google is trying to remove passwords and replace it with some other feature that gives a new way to sign in and to be secure. It has still not been able to find an alternative and is working on it. Google is planning to use smartphones to verify user’s identity to log in. Passwords are the most hated aspect of secure logins but cannot be escaped. Remembering your password and Criterias of passwords to create strong and unique ones can be maddening. People keep repeated and easy to guess passwords which increase their vulnerability and can be easily guessed.
Awareness among people is increasing with increase in hacking. Big and famous sites now provide users with two-step authentication. Enter the code which is sent as a text message or an app on your mobile. Google is carrying a test on a small group of people where one uses their phone to authorize a log in. A message like “allow the login” is received on the phone. On clicking yes the computer logs you in without asking for a password. Users will have an option to log in using the passwords when the phone is not very handy. This can act as a pitfall if the phone falls into the wrong hands as all the data can be accessed.
Some smart phones are using fingerprint to log in. This is a safer way as you can’t forget your fingerprint and it doesn’t change either. But now even that can be hacked by making fakes from high resolution pics of your hand. Google is also looking for other alternatives to solve issues with password. Also there should be multiple authentication as single authentication method increases the risk. More the number of factors, more secure you are.
Who will be the beneficiaries?
However nicely designed and implemented, physical tokens, cards and phones are easily left behind, lost, stolen and abused. Then the remembered password would be the last resort.
And, in a world where we live without remembered passwords, say, where our identity is established without our volitional participation, we would be able to have a safe sleep only when we are alone in a firmly locked room. It would be a Utopia for criminals but a Dystopia for most of us.
Incidentally, biometrics are dependent on passwords in the cyber space. So are multi-factor authentications and ID federations like password-managers and single-sign-on services. Passwords will stay with us for long.
It is too obvious, anyway, that the conventional alphanumeric password alone can no longer suffice and we urgently need a successor to it, which should be found from among the broader family of the passwords (= what we know and nobody else knows).