A Path Beyond Passwords

Passwords have been around a long time. They are ubiquitous. But does anyone really like them?

Users don’t like them. Developers don’t like them. Companies spend millions of dollars every year working to prevent password compromises. Worse, many companies suffer password-compromised attacks from hackers, resulting in millions of dollars in losses and bad publicity. Over 80% of all security breaches are the result of a compromised password.

Despite the increasing sophistication of password-based systems, it’s just hassle and risk and no fun wherever you turn.

But fortunately, there is a way forward. In this series of articles, I’ll talk about why passwords are problematic and then discuss what is being done to allow us to move past passwords into a passwordless — and vastly more secure — future.

A Short History of Passwords

Password technology has actually come a long way. I’ve been around long enough to remember when the only way people would protect things on the Internet was with Basic Authentication. Here’s how it worked according to Wikipedia:

In basic HTTP authentication, a request contains a header field in the form of Authorization: Basic <credentials>, where credentials is the Base64 encoding of ID and password joined by a single colon :.