Best Reviews logo
Best Reviews may receive compensation for its content through paid collaborations and/or affiliate links. Learn more about how we sustain our work and review products.
The Four Best Alternatives to Conventional Password Authentication

The Four Best Alternatives to Conventional Password Authentication

By Daniel C.Daniel C. Verified by Inês P.Inês P. Last updated: July 17, 2024 (0)

Passwords have been a fact of life since the dawn of the World Wide Web. The internet is inherently insecure because it was never designed for public access, so passwords became essential for authenticating users and protecting their personal accounts. But over half of all users find passwords a hassle, so they just reuse something simple and memorable – like the neighbor’s dog’s name – for their growing list of online accounts. After all, who would want to hack an account at the local public library?

The four best alternatives to conventional password authentication

 

Lots of people would, it turns out. The common practice of reusing simple passwords created a field day for hackers, making identity theft a household term. The hacker who gains access to your boring library account might successfully use the same password to hijack your email – or even your bank account. Cyber criminals also use powerful tools to make successful guesses at what might originally have seemed like a clever password. A good online password strength checker can be a humbling way to reveal how vulnerable your existing passwords really are. Lazy password management is clearly obsolete, but thankfully there are alternatives to creating and memorizing dozens of meaningless character strings.

Password managers

Your browser probably asks you if you want to save each new password, but clicking ‘OK’ might not be such a great idea. Most popular browsers store saved passwords in plain text, leaving them essentially unprotected. Thankfully, password managers like 1Password and Dashlane take the concept to a new level, generating and memorizing bulletproof passwords for you and storing them in an encrypted vault to which you alone have access. These programs also offer more sophisticated online form fill-in capabilities than browsers, and can even store important data like your passport number for access from anywhere. Indeed, password managers not only provide vastly greater security, but they eliminate all the frustration of having to deal directly with passwords, making sign-ins as easy as they are safe.

Beyond password

No matter how strong, a password is a digital key stored on a server somewhere – a key that someone besides you could use if they stole it (or tricked you into handing it over). For this reason, big players like Microsoft and Google have been transitioning away from the username-plus-password authentication model for many years.

Multi-factor authentication

 

The Fast ID Online alliance (FIDO) claims that passwords are the root cause of over 80 percent of all data breaches. Since 2012, FIDO has been developing open standards for authentication based not just on “what you know” (a password), but also “what you have” (your smartphone, for example) and “what you are”. Like its name suggests, multi-factor authentication uses several parameters to ensure that the person accessing an account is who they say they are. Let’s examine how these two parameters are being used today, and what future possibilities they may hold.

Two-step verification

Perhaps the most familiar example of multi-factor authentication is the two-step verification used by many sites and services. Typically, you request access through a website, a verification code is texted to your smartphone, and submitting that code to the website within a limited timeframe will grant you access. Sometimes a scannable QR code is used instead of a numeric one, but the principle is the same: a thief would need access to both your smartphone and your account password to get anywhere.

An older, simpler example of the “what-you-have-plus-what-you-know” paradigm comes from personal banking. Putting your bank card (what you have) into an ATM and entering your PIN (what you know) are all that’s required to access your greenbacks. Newer interpretations of this approach use Bluetooth or RFID to connect a small hardware key in your pocket to a nearby system and ask it to trust you. But as physical keys and cards can be stolen, there’s clearly a need for a more definitive form of user identification.

Biometrics

 

This is where “what you are” comes in. Fingerprint scanners on smartphones and notebooks do a great job of blocking access to anyone other than the authorized user. More recently, facial recognition and retinal/iris scanning technology have been making the transition from sci-fi to your desktop. Biometric authentication is advancing rapidly. Coming advances include smartphones that can identify you by the shape of your ear, and DNA authentication – the ultimate accurate identification of an individual.

Persona-based authentication

If having your DNA analyzed before you can browse the web sounds too Orwellian, an authentication practice known as behavioral biometrics might feel more comfortable. As in physical biometrics, behavioral biometrics collected data is used to help establish your identity. This data could come from your typing style, how often you blink your eyes, or even the angle at which you normally hold your smartphone. Along with less exotic information like your geographical location or device’s OS, the data is used to build a “trust score” – a metric that online services use to decide whether they can trust you.

So long, Barney123

The need for businesses and individuals to protect themselves from cyber threats will continue to drive the development of increasingly sophisticated authentication methods. For now, password managers do an excellent job of allowing you to safely navigate the vast legacy of old-school authentication with the convenience of fingerprint scanners – all without having to remember the neighbor’s dog’s name.

User Feedback

 Leave a reply

Your email address will not be published. Required fields are marked *


Latest Articles

How To Master English Fluency: 10 Effective Tips and Tricks
When it comes to language learning, we often come across the word ‘fluency’. But what does it mean exactly? Simply put, fluency is the ability to articulate a message ...
Read article
4 Reasons To Choose CRM Software With AI
With the competition increasing, maintaining lasting customer relationships is more crucial than ever. Customer relationship management (CRM) systems have long been the backbone of most businesses’ effective interaction management, helping them streamline processes, improve satisfaction, and boost sales
Read article
Empower Your Wedding With The Perfect Hashtag
Do you remember the time when # was a simple sign used only in phone menus? The mundane past of the hashtag is now gone, because Twitter came, saw, and turned this barely known sign into a global Internet craze. 
Read article

Best Reviews

Best Reviews may receive compensation for its content through paid collaborations and/or affiliate links. Learn more about how we sustain our work and review products.

©2012-2024 Best Reviews, a clovio brand – All rights reserved
Privacy policy · Cookie policy · Terms of use · Partnerships · Contact us