Passwords: Not Going Away Anytime Soon
April 30, 2014 – 5:40 PM
For users who are not system administrators, the biggest impact of the Heartbleed vulnerability has been all the passwords that they have had to change. This, together with improvements in alternative authentication methods (like the fingerprint scanners now embedded in flagship smartphones), has prompted some rather bold statements about passwords.
Passwords are out of fashion? Obsolete in the short term, I hear some people say? Not so fast! While it’s true that passwords are not the most convenient way of authenticating yourself and they are inherently insecure, we should not be so quick to dismiss them.
The main advantage of passwords is that everybody can use them straight away. There is no need to tie yourself to a specific authentication token (“I could swear it was in my bag this morning!”), location (“I can’t log in from the hotel, I forgot I enabled that security feature!”), or smartphone (“I let my phone’s battery go dead!”). It might seem odd to some, but forcing users to own a smartphone – or asking a company to provide their employees with one – might be too costly.
Even if passwords are supplemented by other authentication methods, passwords will still be around as a secondary method. What would happen otherwise when your phone or hardware token gets stolen? We are simply not ready for a world without passwords, much as we’d like to get rid of them.
If that’s the case, we might as well learn how to use them properly. It’s not that difficult:
First, use a different password for each online service. If you’re trying to do this manually, it becomes difficult – which is why the best way to do this is to use a password manager. There are multiple options available, many of which are free.