Is two-factor authentication the death of the password?

Creating a password for a Google account. Google offers two-step password authentication.

Remember the AP Twitter hack about a month ago? The stock market took a deep dive -- for a little bit -- in response to the fake "tweet" that the White House had been attacked?

Well, it hadn't been, as we know. And we also know that these kinds of security breaches are pretty commonplace. Today, Twitter announced it’s offering two-factor authentication. For users who opt-in, your password won't be enough to get you into your account.

And this has got people saying that we might be seeing the beginning of the end of the password. The problem with passwords is human error and having to remember so many of them, says Dug Song, the CEO of Duo Security. He says -- despite repeated warnings -- people use easy passwords over multiple sites. “And so the realization has been that there has to be something strong to protect those accounts,” Song said.

So tech companies are trying to  get rid of the password. Facebook’s experimenting with asking you to ID photos of your friends, said Doug Tyger,  a computer science professor at U.C. Berkeley.

“Other people have proposed using biometrics, which would depend on measuring  cornea scan or a handprint or one of colleagues here has proposed using brainwaves!” Tyger said.

Authentication, in computer speak, is simply proving you are who you say you are. Right now, we do this by using a password. He says, if you sign up for Twitter’s new service, it’ll require a second verification. “You get an SMS message on your cell phone and it’ll have a six digit code and you have to enter it to authenticate yourself,” he said.

Paypal and lots of “financial institutions” are already making similar services available. Alex Salazar,  the CEO of the digital security-company Stormpath, says despite these efforts, the password isn’t going anywhere anytime soon. “Many of these other forms of authentication that people are experimenting with require an extra step, two or three, and you don’t see a lot of appetite from consumers,” he said.

Salazar says until technology makes it as simple as punching 1-2-3-4 into Netflix account, most consumers won’t make the switch.

About the author

Queena Kim covers technology for Marketplace. She lives in the Bay Area.
Log in to post3 Comments

Ms. Kim dont ignore biometrics and how this technology is already being embraced by technology early adopters... "Rush said EyeVerify already is in pilots with several banks and “soon” will go into pilots with a few credit unions – he declined to name names." from a Mobility Matters: Biometrics Rising article
It is expected to be a $20B industry by 2017 and with Apple and Samsung rolling out finger print phones in the next 3-6 months consumers will be forced to adopt let alone corporations will likely lead the initial charge.
The age of biometrics is here...

One of the two factors in current two-factor authentication schemes *is* your password, so how is it going away? Also, given that password vault software, which remembers strong, unique passwords for every site, is just $30, we can't blame security breaches on a lack of simplicity, just being cheapskates.

With Generous Support From...