Last Friday at Interop, Paypal’s chief information security officer, Michael Barrett, let it be known that passwords were dead.
“Passwords, when used ubiquitously everywhere at Internetscale are starting to fail us.”
Given recent events surrounding Twitter account hacks and security breaches all over the web, Barrett isn’t completely wrong in his sentiment that passwords are beginning to backfire on us.
He added: “Users will pick poor passwords and then they’ll reuse them everywhere. That has the effect of reducing the security of their most secure account to the security of the least secure place they visit on the internet.”
We’re creatures of habit and generally pretty forgetful or maybe even a little lazy to a fault. But what Barrett is proposing in lieu of passwords is a more centralised authentication system. The open standard is run by FIDO (Fast IDentity Online) and seems to work like any other big corporation security system wherein you receive a fob with an alternating pass code at any given interval. Users can also authenticate themselves through biometrics or voice or any number of different ID/authentication tokens.
Barrett says we’ll see FIDO-equipped devices starting this year. This could either be the greatest thing ever or the worst thing to ever happen to online security. But what if FIDO gets hacked and we’re all screwed? Yay or nay? [Macworld UK]