Cyber attacks happening every second and interestingly no brain or technology outrightly kick the hackers out of the cyber world; so, how about closing venues for hackers to intrude?

One of the ways cybercriminal indulge in our life is passwords; no matter how complex passwords you think or get a password manager, your passwords are still insecure and possibly guessed by hackers.  

New to password-hacking? Let me share with you the largest collection of breached data that found in January 2019, discovered the compromised passwords and email addresses of more than 770m users; means 10% of the world's population, isn’t gross?

What if I come to you and say that you now no need to enter passwords for any login ever again, you may throw your arms around me and feel like it is V-J 1945 and we are at Times Square.

Frankly speaking, passwords are grits of our digital oysters, and the friction of creating them with outdated rules, memorizing them, changing them often, and entering them correctly, never forms a pearl.

The good news is - The Death of Passwords is near!

Security company MobileIron upgraded its suite of products, allowing IT managers to abolish the password on mobile devices to practice “zero sign-on” access. The firm is relying on security features with modern hardware coupled with other signals to make a no-password login possible without compromising the security.

For now, MobileIron is at the edge of the shift away from passwords; the move is nowhere near as radical as it sounds. Some companies are investing in such technologies to give consumer apps and websites better security, requiring less work on their part.

Let’s go through the journey password has traveled.

Passwords - 1960s tech in the 21st century

The password became the quantum of identity almost accidentally. Its origin is dated back to the 1960s when it was introduced by the time-sharing system at MIT. It was started as a simple way to keep files private on a single machine when limited computers have existed in the world.

Managing one password for one computer was the easy job; had anyone predicted that we would end up with so much data to secure when multi-billions of devices and accounts were not enough, how one could think of protecting all of them with passwords.

Thanks to Password management software such as 1Password, LastPass, etc. complimenting second-factor authentication (2FA) for solving our password hassle, but again it's an escape from passwords to a password.

Most people still don’t prefer a password manager, which makes their passwords somewhat or highly vulnerable to account-hijacking or cracking. To avoid password completely, an approach that could pair identity and access is required; once you have proved sufficiently who you are and that you own a respective device or account that requires biometrics to access - a fingerprint or facial scan - a password doesn’t require then.

Using a mobile-first or mobile-always-available approach, MobileIron is shifting the weight of authentication factors. In multi-factor security systems, the factors are described as something you have, something you know, and something you are. What you know - password, which is known to be the foundation of security, but if a security system grant access based on what you have (like a mobile device), and something you are (a biometric parameter), you don’t need to know anything, and the password becomes useless.

The current example of this is mobile payment systems - Apple Pay and Google Pay, which let you enroll in a credit or debit card, and process your transactions based on your phone, watch, or tablet and something you are (biometric confirmation via an Apple's Face ID or Touch ID)

The MobileIron’s new zero-password option will possibly be helpful to its current and future customers, who will be stress-free from breaches and password management. But its applications are far broader.

This subversive idea of killing passwords at a corporate level reflects enough insights on how the smaller-ventures and consumer markets could shift from the most hated element of computing.

How Password-free mindset initiated?

MobileIron commissioned a survey of 200 executives decision-makers of cybersecurity, most companies with 1,000-plus employees. The study revealed;

• 50% said that the risk of breaches will be reduced by eliminating passwords.

• 90% of the cybersecurity leaders supported the idea that stolen credentials led to unauthorized access attempts.

• 86% declared they wish to give passwords the heave-ho.

These problems and attitudes are the result of many years of security experts and IT gurus trying to discourage companies and individuals relying on passwords.

The FIDO (Fast ID Online) Alliance also took the password-free initiative in 2013 with eliminating the paradigm of passwords as the important authentication element. The group’s membership includes nearly almost all the key financial, dotcom, telecom, and software company, except AT&T and Apple.

FIDO stresses public keys, allowing people to have a secret “private” along with a paired public key that prove their identity or encrypt messages; the concerned users can decrypt only. A bundle of newer standards called FIDO2 further brought it far closer to reality.

Last year, Microsoft also adopted several different no-password login options, some of which were somehow on FIDO2. In February, Google announced that Android device (version 7 and later) now confirmed to FIDO2 standards, hosting no-password logins to users.

Apple also seems to be the holdout with the FIDO Alliance, allowing Touch ID and Face ID for authentication only in third-party apps, but not websites, after enrollment within the app.

This is the right time to say goodbye to Passwords

If I told you to get rid of your passwords a decade ago, you would have thought me deranged, because at that time everything was up to the point where we needed stronger, better, longer passwords to defeat the breaches which were cropping up seemingly daily.

But a decade of breaches taught companies of all sizes that their job of securing passwords had been terrible. It also reflected that users often choose weaker passwords, though I am not blaming them, still, data protection is becoming more than anything.

It’s the right time to kill the password, contributions made by companies like MobileIron, Google and Microsoft can wave a not-very-fond farewell to a brittle chewing gum that’s holding the gubbins of security together.

Want to have a look into the future? Listen what MobileIron’s Biddiscombe is saying,

“I just stare at my device, and my device knows it’s me, and the enterprise opens access to the various services I need.”