Microsoft & Facebook...Welcome to the #NoPasswords Revolution

by Ori Eisen

April 4, 2017

Today, we saw the biggest names in tech – Microsoft and Facebook – take action to get rid of passwords. While they are taking different approaches, the driving force behind each new solution is the same: the inconvenience of remembering passwords.

Welcome to the #NoPasswords Revolution, the movement started by Trusona.

For years, I have been on a mission to make passwords obsolete. Not only are they a pain to create and remember, they are not an adequate defense against cyber attacks, and continuing to rely on them puts consumers and organizations at risk. They also incur significant costs for businesses to maintain and support. Something has to be done.

The actions that Microsoft and Facebook are taking are a step in the right direction, yet do not solve the entire problem. While I foresee a future without passwords, additional precautions need to be taken into consideration before we can finally do away with them:

  1. Static is the enemy. Anything that is static – including usernames, passwords and answers to security questions – can be lost, stolen, or compromised. Any solution that hinges on the user entering static data is not strong enough to thwart cyber attacks.

  2. Malware is widespread. Malware is always listening, and any credential that is used repeatedly can be replayed. With a plethora of malware being released every day, we may never be able to get ahead of the enemy. Therefore, we need technology that makes every log-in dynamic in order to counter the basic premise of how malware attacks.

  3. Password managers still use passwords. If we’ve learned anything from the recent LastPass incident, it is that password managers don’t work because they are still guarded by passwords. If the service, currently secured by one master password, is compromised, are you OK with your bank account, health records and tax returns being exposed as well?

Microsoft and Facebook are definitely spot on when it comes to their intentions to kill passwords. At the very least – and I think they’re doing much more than this – they are thrusting the shortcomings of passwords into the front of the conversation, encouraging more companies to start thinking about and addressing how much they rely on such an antiquated technology. While all have great intentions to address consumers’ password fatigue, until we’ve fixed the entire problem, the mission is not complete.


 

Karen Dayan