The future of password managers
Despite the LastPass security breach, password managers are still the most realistic method for ensuring we all use strong passwords, says Bill Carey.
Bill Carey, Siber Systems
In the wake of last month's security breach at LastPass, the password management industry as a whole has come under intense scrutiny. When a password manager experiences a security breach, it is perhaps understandable that the entire sector is facing some tough questions about how seriously it takes security. In fact, people are now starting to question passwords in general and whether they are the most reliable way to keep private information secure.
Ultimately, though, realistic alternatives to passwords are limited, with other options, such as biometrics, not yet practical or cost-effective enough to represent a genuine substitute.
Immediate implications for password managers
While some see the latest news as a significant blow to the credibility of password managers, in reality the breach is only a minor setback for the industry as a whole. Given how much time we now spend online for both work and leisure, as well as the continuous news of corporate hacking and leaking of our personal data, the need for strong and unique passwords has never been greater.
Research conducted by Siber Systems earlier this year found that almost a third of us log in to 11 or more websites or applications on a daily basis. Most people struggle to remember more than three or four sufficiently strong passwords at a time, so there is still clearly a need for a system to help people manage their myriad passwords. Given that there are no technologies on the horizon that appear to be viable alternatives, it seems as if password managers are here to stay.
Can passwords survive?
The most obvious alternatives to the traditional password are biometric systems, such as fingerprint or retina scanning, which offer different ways to access information online. However, these technologies have been around for many years, and have so far failed to make any significant inroads into the cyber security space.
The reality is that innovations like these often come with a prohibitive price point, as well as being largely impractical or inconvenient for everyday use. Having to buy and carry around a fingerprint scanner as well as a laptop or tablet, for example, is not particularly convenient. Added to this, fingers or retinas can be affected by cuts or disease, causing access problems, and there is also the issue that biometric criteria cannot be easily revoked. If fingerprints are lifted or stolen – it's amazing what you can pick up with a simple swipe of sticky tape across a keyboard – fingerprints cannot be revised or altered with the same ease that a password can be changed.
Advances in technology may make alternatives to the traditional password more convenient in the future. But ultimately, biometrics is not the ‘Mission Impossible’ security feature that many perceive it to be. Even in the long term, the complete abolition of the password appears unlikely. The most realistic outcome is multifactor authentication, with passwords as one part of a multi-step process to ensure an even higher level of security.
The future of cyber security
Clearly, there are alternatives to passwords. But in reality, we are unlikely to see any of them replace the traditional password in the near future. The cost and practicality barriers are currently too high.
In the future, passwords will continue to be at the forefront of cyber security, either as a strong, standalone tool, or as a key aspect of a multifactor authentication process. And this means that as long as password manager solutions can maintain high levels of security, they are set to continue as the safest and most effective way of ensuring security online.
Contributed by Bill Carey, vice president of marketing & business development at Siber Systems Inc, which produces RoboForm.