On Passwords and Fearlessness and the Future
Monday, July 14, 2014 - 11:19 AM
Today, Wall Street Journal technology columnist Christopher Mims boldly declared that the password is irrelevant and dying. How boldly, you probably weren't asking yourself? Well, so boldly that he posted his twitter password in the article.
His argument is that authentication technology is becoming so smart, the value of the password is becoming greatly diminished. Thanks to 2-step authentication, even with his twitter password, you can't get into his account. He points to a bunch of ways that tech companies are rendering the password valueless:
Google is working on an as-yet unnamed protocol that allows you to connect to your online accounts on any device by authenticating yourself with your smartphone. This could be a code sent to you, or even a "smart ring." In June, Google showed off one version of this scheme, in which a user's laptop can be unlocked by the mere presence of his or her smartphone. It might seem foolish to replace an authentication token that you keep in your head (a password) with one you keep in your pocket (like a phone) but consider: The former can be obtained by hackers, and the latter you can shut down the moment it goes missing.
If you have either an iPhone or a newer Samsung phone running Android, it's simple to lock your phone remotely, even wipe it. So even if a thief gets his hands on the skeleton key to your accounts, you can disable it easily. Plus, your phone is itself locked (or should be) with a PIN code or even a fingerprint sensor.
But it seems that it's not so much about getting rid of the password itself, but more like using a password in conjunction with some other component - a pin number, a device, a fingerprint sensor. Something like that.
I like the idea, and I appreciate the boldness of it. It actually reminds me a bit of our story from a few months back about Y. Woodman Brown, who decided to post all of his passwords in the comments of a Washington Post article about Heartbleed.
They may look similar, but while Christopher Mims was doing it to prove a point about how hard it has actually become to compromise an account, Woody Brown was inviting people in to his accounts. Brown wanted to live his online life in a radically open way to show that it wouldn't really have any effect on him. And it appears that it didn't.