A group of Silicon Valley-based tech companies have launched a public advocacy campaign called Petition Against Passwords, according to CSOonline.com. The group aims to influence large digital service providers to move towards “passwordless” authentication and identity protection.
Passwords are a thing of the past and they need to go, according to the group. They are the weak link that smashes the security chain. Password protection alone isn’t enough. New methods of authentication are necessary to secure the future.
The problem with passwords is twofold. Users either create easily remembered passwords that are entirely too weak, or they are forced to pick passwords that are hard to remember but quickly cracked by machines. The other side to that is a lack of password policy enforcement and the gaps in basic data protection that can lead to breaches that expose millions of passwords. When breaches expose passwords, they often make their way online and wind up in wordlists that are used by password cracking software.
Identity companies such as LaunchKey, Clef and TechFreedom have all signed on to support the petition.
There has been a push to replace passwords, or enhance them with additional layers of security. For example, two-factor authentication is one such augmentation. It works, and it has seen wide adoption by businesses and consumers alike. However, there are others that wanting to move far beyond two-factor and similar advancements.
In May, Motorola’s Regina Dugan made headlines when she suggested tattoos and pills as alternate means of authentication. A month before that, researchers at the University of California, Berkeley, released research on using brainwaves as a means of authentication.