From ‘Long Live the King’ in Hamlet and ‘Open Sesame’ in One Thousand and One Nights, to modern lazy incarnations such as ‘Password123’ – passwords have long played a vital role in fictional and real life security.
Many of our most treasured pieces of information are protected by passwords, from our online banking accounts to social media accounts – meaning we are all walking around with important security information at the back of our minds (or hastily sketched on a bit of paper).
However, this could be set to change with the likes of Google trying to reduce our reliance on passwords, and implement new access measures that they hope will prove more secure and robust.
Reducing help desk reliance
According to Gartner, upwards of 50% of all help desk enquiries are calls for password resets. This undermines the efficacy of the process, wasting user and help desk time, and demonstrates that this method is far from perfect.
The average person has 19 different passwords, which they will use for a variety of personal and professional access points – so it is no surprise that users forget passwords and which ones are for which service.
Many users are reduced to guessing from a selection of passwords that they most commonly use, then contact the help desk when none of these prevail. This is hugely annoying for customers, and detrimental for the companies – the money spent on employing extra members of the help team could be spent on research and development or improving services.
Hacking and cyber attacks have continuously hit the headlines over recent years – with hackers able to create new access points quicker than security teams can protect their systems.
This has even led to the godfather of the computer password, Fernando Corbató, suggesting that passwords may be outdated and useful only for protecting non-sensitive information.
This has led to Google and other computing giants seeking more secure alternatives to the humble password. Mooted alternatives include using users’ smartphone to provide ‘multi-factor authentication’, which would mean a hacker would have to have access to a target’s devices as well as login details.
When attempting to login, an authorisation prompt will be sent to the synchronised device and the user will have to follow the prompt’s instruction to login. This removes the potential for hackers and third parties to access an account remotely.
For example, Ping Identity’s smartphone authentication app ‘PingID’ provides this functionality for any smartphone, and even the Apple Watch.
Identity and Access Management expert ProofID explains: “Creating a secure but efficient alternative access method can significantly improve the safety of sensitive online information. The big task now is for the services to migrate security from password to alternative methods without putting the users’ information at risk or reducing the user experience.”
The sheer wealth of information available at our fingertips means the average person is pickier than ever before when deciding what to read and what service to use. This gives web-based platforms and services minimal time to attract the interest of first-time visitors. Password creation is a time-consuming task that will reduce usability and the overall user experience.
This makes it important for new platforms and services to create a quick and intuitive access system that will not compromise the user’s security. Adoption of an intelligent and effective access system could drastically improve the usability of the service, potentially increasing its value and popularity – leading to greater conversion.
Perhaps the most notable change has been to Gmail, wherein Google have split the traditional login page into two separate pages – downplaying the significance of the password.