The Password Is Finally Dying. Here’s Mine
Device-Based Authentication Is Making Passwords Irrelevant
Google is working on an as-yet unnamed protocol that allows you to connect to your online accounts on any device by authenticating yourself with your smartphone. This could be a code sent to you, or even a “smart ring.” In June, Google showed off one version of this scheme, in which a user’s laptop can be unlocked by the mere presence of his or her smartphone. It might seem foolish to replace an authentication token that you keep in your head (a password) with one you keep in your pocket (like a phone) but consider: The former can be obtained by hackers, and the latter you can shut down the moment it goes missing.
Recent WSJD Articles on Passwords
The Man Behind the First Computer Password: It’s Become a Nightmare
Another Cyberattack? Follow These Password Tips From the Pros
Personal Tech Review: The Best Way to Manage All Your Passwords
If you have either an iPhone or a newer Samsung phone running Android, it’s simple to lock your phone remotely, even wipe it. So even if a thief gets his hands on the skeleton key to your accounts, you can disable it easily. Plus, your phone is itself locked (or should be) with a PIN code or even a fingerprint sensor.
If you want to sample the early version of a post-password future, all you have to do is switch on a common security feature of every major Web service. It’s available across all the Web giants, including every account offered by Google, Yahoo, YHOO -0.25% Microsoft, MSFT +0.74% Facebook, FB -1.08% Twitter and dozens of others, and yet surveys suggest more than half the public hasn’t heard of it. It’s called two-factor authentication. And if you have ever taken money out of your bank account at an ATM, you’ve already experienced it.