Why You Should Love Google’s No-Password Experiment
Tech giants let users sign in by tapping a smartphone app.
There are more than 3 billion Internet users on this planet. And it's a safe bet that none of us likes making up passwords. Pretty soon, we may not have to. Earlier this year, Yahoo eliminated passwords in favor of push notifications to smartphones. Now Google is following suit with a reported smartphone app test for selected users. In both cases, when a user signs in online, the service sends a push notification to an smartphone app. The user completes sign-in by tapping that app.
As Google goes, so goes the world. At least, I hope so. The technology for smartphone push authentication apps has existed for a few years, but it's taken the recent spate of high-profile password breaches for tech giants to take the idea seriously.
Invented in the 1950s as a way for computer nerds to access mainframes, passwords are a terrible idea in the modern era and have been badly in need of replacement. And not just because users hate them.
1. Most passwords are unnecessary.
How often have you been asked to create a free account with password at, say, a publicly available news site--such as this one? That password is protecting neither your financial information nor your personal data, it's simply allowing that site to identify you and gather data for marketing purposes.
This rapid proliferation of user accounts means many Internet users suffer from what experts call "password fatigue."
2. Users don't take them seriously.
Who can blame people for not following increasingly unfollowable recommendations for password hygiene? I certainly don't. I have dozens of non-personal-data accounts with the same password. I bet you do too.
Worse, passwords such as "password" and "1234567" remain popular choices. While many in the tech world think this is an expression of stupidity, to me it seems more like an act of protest. Why does my desktop computer, sitting in a rural farmhouse, require me to enter a password before it will function? It's annoying enough that I might use a password like "password," although I don't.
3. Passwords don't work.
No one can do everything right around passwords, but even if you could it might not matter much. That's because passwords are inherently insecure, especially as password-guessing computers gain power. "It's been proven time and time again that passwords--and security questions--are terribly weak security measures. The vast majority of data breaches originate with a compromised password," says Jonathan Klein, President of multi-factor authentication company MicroStrategy.
4. Biometrics aren't here yet.
The day will come when both passwords and smartphone app authentication will be replaced by a simpler, more elegant biometric solution. Fingerprint readers on smartphones are a start, as is USAA's allowing people to sign in by voice or facial recognition. Devices that listen to heartbeats or scan veins in the hand, both of which are unique, are another possible direction.
But fingerprint readers are not yet fully reliable. Facial recognition is even worse. And not every smartphone has either capability. We need a replacement for passwords yesterday. This is a pretty good one.