Many of the visionaries in the technology field have predicted that the password will cease to be a part of the user authentication process on future computing devices. They point to the fact that passwords do not have a solid history of providing the best security. They are too hard for end users to remember, so users end up writing them down or reusing them. They are too easy for thieves to guess, since thieves understand that the bulk of technology users are novices. The overhead that passwords create for the organizations and companies that must manage their end users and customers has reached a tipping point.
Those of you on the leading edge of technology may have forged ahead into the new world of Windows 8. If you have decided to protect your tablet with user authentication, Microsoft has provided you with a new option. Instead of choosing a password, you can now identify yourself with a series of swipes on the screen. When compared with passwords, this series of swipes provides a much stronger barrier to entry. The swipes are created by the end user upon a background picture featuring distinct people and objects. The user must memorize these swipes (direction, angle, length) so they can gain access to their tablet each time it requires authentication. This sounds revolutionary. It is. Stealing your swipes is much harder than stealing your password.
I’ve seen a few of these ‘swipe’ solutions in action and they are quite impressive. However, sometimes a user forgets their swipe sequence . . . just as they do a password. Frequently the vendor response is to provide hints for each of the swipe sequences . . . just as they do for a password. When all else fails and the hints do not help a user remember their swipe sequence, the backup plan is for the user to provide a user ID and . . . and a password. The backup plan is to use the old plan.
I believe the swipe method will work out the kinks in the future, but I think it will always tow passwords with it. Swiping will resonate with end users because it is easy and fun. Other authentication methods may be more secure, but they have failed in the mainstream because they are simply too hard for the end users to remember and perform. Two-factor authentication combines something you know with something you have. This method is clearly more secure, but because it requires two items, it is twice as likely to fail. Failure does not mean that security is broken. In this case, failure means the user does not have one or both items and therefore, cannot gain access to their computer. They are then unable to perform their task and become unproductive.
Despite all of their warts, using passwords is still seen as the best fit for those seeking both security and ease of use. Even some of the visionaries I spoke about earlier are admitting we will continue to use passwords for the foreseeable future.