Passwords remain the most common way to authenticate your online identity, but companies like Microsoft and Google are using alternate login methods. Tom Merritt offers five alternatives to passwords.
Passwords are not yet past, but that glorious future land where we don’t have to remember h0rs3##pl7 is getting closer. Microsoft is allowing logins without passwords. Google is allowing logins without passwords. These are secure logins—sometimes more secure than just a user ID and password. Just as a sample, here are five alternatives to passwords.
SEE: Password managers: How and why to use them (free PDF) (TechRepublic)
- Multifactor authentication: The right combination of factors means a password doesn’t need to be one of them. Facial recognition and a code from a USB key or authenticator app (or SMS, I suppose) could do well without a password. Microsoft uses a PIN as a fallback because it can be stored locally on a trusted platform module.
- Biometrics: Fingerprint readers for phones are widespread, and facial recognition is getting more reliable all the time. Future biometrics may start to use DNA.
- Behavioral recognition: This one works by taking in multiple data points like typing patterns, mouse movements, software usage, and Wi-Fi networks, and creates a score to decide whether to trust the user for access or not.
- Notifications: Logging in requires just the username and then a push notification on a phone or an email with a link used as second factor to log you in.
- Card and pin: From credit cards to grid authentication cards to Estonia’s ID, it’s the old classic combo of something you have and something you know—neither of them are stored in the cloud to be hacked.
As you can see, multiple factors is the running theme in all password alternatives, and if one of those factors is not remembering a 20-character string of letters, numbers, and special characters, I think we’ll all be happier.