The Problem with Your Password is You

Everyone knows the drudgery of having to change their passwords - capital letter here, number there, and oh, I have to include a special character now?  I'm not going to remember that.

More than two-thirds of computer users use the same passwords, or very similar passwords, across the variety of platforms that they use, and weak passwords are the leading gateway to compromised accounts.  In fact, the compromise of a single account was the cause of 81% of major data breaches in 2016.  And, $20 gets you credentials for 1,000 accounts on the dark web.  The advice has long been to frequently change passwords across all of one's accounts, but that doesn't work well - the human mind cannot easily remember the complex combinations of characters that form the most secure passwords, and many settle on easy-to-remember passwords, which are less secure.

Microsoft aims to remedy this password problem with its technology - instead of "making you remember a list of passwords, Microsoft is making you the password."  By taking the approach of securing the individual as well as securing the device, Microsoft hopes to reduce data theft and ease access to your accounts.  The beginning of this campaign is evident in Windows Hello, a biometric sensing utility included with Windows 10 - it secures an account via fingerprints or a user's face.

Other methods are in the works too, using other devices that the user is known to have, such as Google's two-factor authentication that sends a login PIN to a smartphone when an account is accessed from an unfamiliar desktop.  As technology improves, securing and accessing an account should become easier and easier, but developers are still meeting resistance.  Passwords are familiar and easy, and those who don't understand the new security methods fear that these newfangled requirements will be difficult to use.  To allay this, Microsoft is working on marketing the new capabilities to familiarize the market.  Fortunately, Microsoft has some friends in the game.  Google, Samsung, Qualcomm, Visa, PayPal, eBay, Bank of America, MasterCard, American Express, and Verizon have all joined Microsoft in FIDO, the Fast IDentity Online Alliance, which is working to develop open standards for simpler, stronger authentication.  One of these FIDO standards may already be on your smartphone.

There are still many steps to take in the battle to lock down data and find a more competent solution than passwords, but the industry has the brightest minds on the task and is continually making strides to solve that critical problem.

This article was based on a December 26, 2017 Microsoft story by Suzanne Choney.

Date: January 11, 2018