The Password Is Finally Dying
Posted: Mon Jul 14, 2014 7:42 am
Here's Mine
By Christopher Mims
The Wall Street Journal
The password to my Twitter account, which has been mine since 2007 and through which I have published more than 51,000 tweets, is "christophermims." Knowing that won't help you hack it, however. In fact, I'm publishing my password to make a point: The password is finally dying, if we want it to.
Before I outline why I'm so confident about the irrelevance of the password that I'm willing to give mine away, let's talk about what is already succeeding them, at least on a trial basis, on Google's corporate campus: device-based authentication.
Google is working on an as-yet unnamed protocol that allows you to connect to your online accounts on any device by authenticating yourself with your smartphone. This could be a code sent to you, or even a "smart ring." In June, Google showed off one version of this scheme, in which a user's laptop can be unlocked by the mere presence of his or her smartphone. It might seem foolish to replace an authentication token that you keep in your head (a password) with one you keep in your pocket (like a phone) but consider: The former can be obtained by hackers, and the latter you can shut down the moment it goes missing.
If you have either an iPhone or a newer Samsung phone running Android, it's simple to lock your phone remotely, even wipe it. So even if a thief gets his hands on the skeleton key to your accounts, you can disable it easily. Plus, your phone is itself locked (or should be) with a PIN code or even a fingerprint sensor.
MORE
By Christopher Mims
The Wall Street Journal
The password to my Twitter account, which has been mine since 2007 and through which I have published more than 51,000 tweets, is "christophermims." Knowing that won't help you hack it, however. In fact, I'm publishing my password to make a point: The password is finally dying, if we want it to.
Before I outline why I'm so confident about the irrelevance of the password that I'm willing to give mine away, let's talk about what is already succeeding them, at least on a trial basis, on Google's corporate campus: device-based authentication.
Google is working on an as-yet unnamed protocol that allows you to connect to your online accounts on any device by authenticating yourself with your smartphone. This could be a code sent to you, or even a "smart ring." In June, Google showed off one version of this scheme, in which a user's laptop can be unlocked by the mere presence of his or her smartphone. It might seem foolish to replace an authentication token that you keep in your head (a password) with one you keep in your pocket (like a phone) but consider: The former can be obtained by hackers, and the latter you can shut down the moment it goes missing.
If you have either an iPhone or a newer Samsung phone running Android, it's simple to lock your phone remotely, even wipe it. So even if a thief gets his hands on the skeleton key to your accounts, you can disable it easily. Plus, your phone is itself locked (or should be) with a PIN code or even a fingerprint sensor.
MORE