Why A Secure Future Needs To Make Passwords History

Today (Feb. 9) marks the ancient celebration known as “Safer Internet Day.” Ever since the far-gone days of the early 1990s, experts and casual users alike have worried about illicit access to sensitive data, and the age of the confoundingly complex password was born. However, somewhere along the way of being forced to remember passphrases requiring at least three uppercase letters, four numbers and a hieroglyph, people started wondering if the smartphones in their pockets couldn’t serve as more reliable and secure keys than whatever computational incantations they’d created.

It’s not just the average user who’s sick of infuriatingly long passwords anymore, though. Now, the tech companies responsible for the explosion of mobile device activity and the subsequent need to secure it all are pushing heavily for the death of the password and the birth of a new age of two-step verification.

The Wall Street Journal reported that Google is hard at work on a beta program with the ungainly title “Sign in with your phone” that may just change the way users interact with their favorite apps and Web services. Rohit Paul, a tester in the program, explained that all he had to do to sign in to Google Photos on his smartphone was tap a button on the screen — then, he was in.

“It makes life easier,” Paul told The WSJ. “No need to worry about typing a complicated password.”

The beta program is part of a larger industry-wide effort to wean consumers off of a form of security that they have been told for decades can keep them safe. In honor of Safer Internet Day 2016, Google is also offering users an extra 2GB of space on their Google Drive accounts if they review their security settings, update critical information and give two-step verification a try. As tech companies fight against consumer inertia with passwords, the years have made it clear that only incredibly complex phrases offer any measure of security. In a modern world that requires the average person to sign in and out of apps and services dozens of times per day, entering those random character strings takes precious time out of their days and degrades the quality of the experience brands and developers work hard to create.

In fact, Microsoft researchers identified just how time-wasting complex passwords can be in the modern world. If the world’s Internet users spent just 5 seconds every day typing in passwords (likely a very conservative estimate), it would equal 1,389 man-years every day.

And every second equals precious time they could spend interacting with branded content or placing online purchases instead.

Essentially, the dynamic at the heart of the password vs. two-step verification debate can be summed up with the question: Who should do the work of authenticating users’ credentials — users themselves or their personal devices? In a speech at a developer’s conference in 2015, Regina Dugan, head of Google’s Advanced Technologies and Projects division, said that shifting this responsibility is the next inevitable step of digital account security.

“This next frontier of authentication moves the burdens of PINs and passwords from the user to the device itself,” Dugan said, as quoted by The WSJ.

The future of a password-less society doesn’t need to be limited to just smartphones as keys. Gizmodo explained how a simple USB security stick can be used to access any or all digital accounts — without a battery or the need for a network, these keys can act as individual passports into one’s digital life.

Once hackers and data thieves focus their attention on this next wave of personal account security, though, it might take three-step verification to stay one move ahead of the game.
