Seamus Byrne* says fingerprints and facial recognition are becoming commonplace on our smart devices, but wonders if they will ever remove the need for passwords?
In modern daily life, is there anything as despised as dealing with passwords?
There are the annoying rules we’re told to follow.
There are so many of them we forget which is which.
We get pestered to cough them up all too often.
They’re the curse of a #blessed age of technology — but could we one day escape the password forever?
Fingerprints and facial recognition are becoming commonplace on our latest smart devices, so will features like these remove the need for passwords?
In the short term, the news isn’t good.
More passwords, not fewer
“We’re going to have more and more passwords than ever before simply because passwords have such low friction for use,” says Troy Hunt from haveibeenpwned.com — a website to check if your password’s been hacked.
“As bad as they are, the one thing they do better than everything else is usability.”
“Everybody knows how to create one.”
Alex Salazar, Vice-President at digital authentication company Okta, tells a similar story.
“Despite our frustrations, passwords are easy-ish to remember, and if you forget your password it’s fairly easy to get a new one,” he says.
“I believe the password will be alive and well for the next five to 10 years.”
So, what about all these facial ID and fingerprint technologies?
Couldn’t they make passwords a thing of the past?
These functions reduce how often passwords are required, but they don’t eliminate them entirely.
Most people who’ve used them will recall a time when, for whatever reason, they just wouldn’t work.
Then, you fall back on to that old faithful — a password.
You have heard it before: stop reusing passwords
Both experts say the biggest issue with passwords is our tendency to reuse them.
“When you go to a website and it asks you for a complex password, the easiest thing to do is to reuse some password you’ve been reusing for the last 20 years,” says Mr Salazar.
“That extra effort to set up multi-factor authentication or put in a more secure password is a high level of friction for the average consumer who may not fully understand the risks that are out there.”
“For many people unfortunately, it takes an account compromise to bring it home.”
The best step forward for the average user?
Both experts agree — if you’re not doing it already, start using a password manager.
It could be one that runs in your web browser, or as part of your Google account, or in Apple iCloud, or through third-party software like LastPass or 1Password.
These can generate highly secure random passwords, remember them for you and send them to any form on a website whenever you need to login.
Just make sure you make every single password different so that if one website gets hacked, all your other accounts stay safe from any spill-over effects.
“Strength and uniqueness are critical and you just can’t do that without a password manager,” says Mr Hunt.
“If you can’t mentally grasp having a digital password manager then literally just make a password book and keep it somewhere safe at home.”
Maybe some good news: are we about to reach ‘peak password’?
While the password is here to stay, there’s a good chance our passwords will be requested less and less frequently.
According to Mr Salazar, tools used by websites to authenticate users are getting smarter: the more a website recognises our computer, our IP address and our behaviour, the less often it will ask for our password.
In the future, we will only be asked to prove who we are when we branch out from our regular behaviour, for example logging in from a new phone, or while travelling overseas.
For those eager for the latest and greatest in digital security, everything old is new again.
You can now get a physical key to put on your keyring alongside your house keys that can make digital authentication even more secure.
These keys — called Universal Two Factor, or U2F — can be physically plugged into a USB port on a computer, and the latest can even be tapped against a smartphone with an NFC reader.
But like your house keys, you really don’t want to lose them.
Once you opt into this kind of high-security setup, even your password won’t let you back in without the key.
(You can arrange some emergency digital backup keys, though.)
So, the password is here to stay.
It’s annoying, but it’s simple, and it’s easy to replace if you lose it.
But at least in future you won’t be asked to type it in unless there’s a good reason a site needs to double check you are who you say you are.
* Seamus Byrne is a technology and game culture journalist.
This article first appeared at www.abc.net.au.