Is this the beginning of the end of the password?
We are finally seeing the beginning of the end of the stone-age technology called the "password".
The password is an ancient authentication method used for thousands of years. Back in 413 BC, the ancient Greek army used passwords to verify identities and access secret information. As history has shown, that did not work out too well for them. As was written,
During the final phase of the Peloponnesian War, a series of tactical errors led to the defeat of the superior Athenian forces. Among the many errors was an inadequate identification system, reliant on a shared watchword. At the final and crucial battle of Syracuse, the besieged Syracusan army discovered the Athenian watchword that was used for identifying allies. Quietly disseminating this password between them, the Syracusan forces created havoc during a nighttime battle, preventing the dazed Athenian forces from identifying ally from foe and ultimately leading to their devastation.
Ultimately, the Athenian army was slaughtered in the Battle of Syracuse.
50 years ago, at the dawn of the Internet, people logged on to systems using a password. Today, we are still doing the same. Despite the astonishing growth and development of technology over the past 50 years, user authentication is still stuck in the technological stone age.
Password authentication, a stone-age technology, is the leading cause of data breaches, costing the economy untold billions of dollars per year. Billions of passwords have been exposed in cyber-attacks. Despite the mounting costs and piles of technological dead bodies, the world still has not learnt its lesson. Even today, we are still using this primitive, stupid, inconvenient and insecure method of authentication. Sure, password authentication has been supplemented by two-factor authentication (2FA) such as one-time codes, but these are still ineffective against increasingly sophisticated attacks.
How many more digital dead bodies do we need to pile up before there will be change? Perhaps the government should step in and use the blunt force of the law to make password authentication illegal, on pain of death?
Almost a decade ago, with the release of the iPhone 5s, the world saw the first smartphone with a built-in fingerprint reader. Back then, we already had all the sophisticated technology needed to perform authentication that is astronomically more secure and convenient. Instead of relying on the human brain to perform authentication using the stone-age password, we could be using computers to run a sophisticated cryptographic challenge-response protocol.
To be fair, over the past 10 to 15 years there have been numerous assaults on the password, but all of them failed. Now, almost 10 years later, we are finally seeing the beginning of the end of the password, using technology that we already had almost a decade ago. This new dawn will also stop phishing attacks in their tracks.