If we’ve learned anything in recent years about end-user security practices, it’s the fallibility of human-created passwords. According to SplashData, there were 3.3 million leaked passwords in 2014. This isn’t particularly surprising when you look at what else SplashData revealed—the top two passwords in use are still ‘12345678’ and ‘password’.
With smarter and more frequent hacks of company and personal information, weak passwords and poorly implemented secure password policies have long been a top concern in Internet security, as they should be. While setting better passwords is an important and immediate action needed to improve current security practices, the future of technology suggests that the answer may be to absolve the alphanumeric password altogether.
While the Internet of Things comes with its own vast set of security concerns, there is at least one way that IoT is encouraging safer Internet: making alphanumeric passwords obsolete. Unlike the current and ineffective practice of each user having an alphanumeric password to access their accounts and devices, authentication with IoT eliminates human error by relying on physical authentication such as fingerprints, and other physical aspects of identification authentication.
As IT World points out in this article, the Apple Watch is a perfect example of a personal item that could act as authentication. With proximity-based authentication, the watch acts as the password and wearing the watch will authenticate your access to devices when you are close in proximity to them. For example, somebody wearing the watch could unlock their home by simply approaching the front door.
If Gartner is right in estimating 25 billion IoT devices by the year 2020, then these new forms of authentication will quickly absolve the password as we know it, eliminating one of the most common security attack vectors today. Smart enterprises and IT departments already require two-factor authentication, making it so that human-created passwords are no longer solely reliable for protecting one’s personal information.
Not only will users be relieved from the frustration of managing secure passwords, but these advances will greatly increase the difficulty of executing large hacks via end-user authentication. Instead of gaining access to large quantities of usernames and passwords, hackers will be required to compromise large numbers of individual authentication products, meaning that large sweeping hacks will not be accessible in the same way that they currently are.
While password managers have been our last hope in creating and maintaining strong and secure passwords, even those have seen some downfalls. In many ways, we are already living in a post-password world. Many car models today already offer proximity authentication, unlocking your car as soon as you approach it using the sensor on the key in your pocket. iPhone users already use their fingerprints instead of passcodes on their iPhones to unlock their lock screens. Home automation platforms enable access through smart devices. Certificate and one-time tokens for logins have proven critical in online authentication. These advances are a clear win for the future of enterprise data security and online user identity protection, while reducing the overall effort required by users to implement secure authentication methods.
The Internet is quickly approaching an era without passwords, meaning that what you know is becoming far less important than what device you are wearing.