Passwords

LevenTech Position
An evolving statement that changes along with current events and input from the public.
Any password requirement will force the user to dilute their existing personal security. Intelligently managing passwords can help greatly, but the only real alternative is to avoid passwords entirely. LevenTech encourages the use of alternative authentication methods.

People can only remember a certain number of passwords. Each time they reuse one of the passwords they can remember, that particular password (and any accounts it's used for) becomes less secure. This is because there is now at least one more possible way a hacker could obtain that password and access the other accounts.

To maximize security, a user should use a different password for each account. Most users don’t do this – but even if someone did, they’d be forced to use a “password safe” to keep track of all their passwords. In that case, a user’s personal security would depend heavily on the security of the password safe itself. And just as each use of a password makes it less secure, each new password added to the safe would increase how often the password safe is accessed – and subsequently increase the chances that a hacker could hijack that access.

It’s obvious from these principles that an average person will lose security over time. The only way to break this cycle is to avoid using passwords (or any authentication method that relies on personal memory). Instead, we should be exploring alternative authentication methods.

The Ideal Authentication Solution

  • Ease of Use: access should be easy, not requiring a lot of time or effort
  • Multi-Factor: access should include multiple forms of identification, to help prevent use of stolen IDs
  • Scalable: users should be able to customize the level of security for low-risk or high-risk services
  • Alternatives: in case the user loses access to an authentication method, there should be sufficient alternatives
  • Share-ability: users should be able to grant access to another, ideally with the ability to dictate the terms of access
  • Non-Diluting: proving your identity should not give away your identity proof (a common method for this is the use of public/private keys)

Of course, eliminating passwords is only the first challenge. People will still need to learn the basics of managing personal security.
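
The Non-Diluting property in the list above, shown as an added example that is not part of the original LevenTech page: a password login hands over the secret itself, while a public/private key login only signs a one-time challenge, so what was seen during one login cannot be presented again. It uses Node.js's built-in crypto module; the function names and the sample password are constructed for illustration.

```javascript
// Added example (not from the original page); all names and values are constructed.
const crypto = require('crypto');

// Password enrolment: the service keeps a salted scrypt hash, not the password.
function enrollPassword(password) {
  const salt = crypto.randomBytes(16);
  return { salt, hash: crypto.scryptSync(password, salt, 32) };
}

// Password login: the secret itself is submitted, so whoever sees the
// submission holds the full identity proof and can present it again.
function verifyPassword(record, submitted) {
  const candidate = crypto.scryptSync(submitted, record.salt, 32);
  return crypto.timingSafeEqual(record.hash, candidate);
}

// Key enrolment: the private key never leaves the user's device;
// the service stores only the public key.
function enrollKey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return { device: { privateKey }, record: { publicKey } };
}

// Service: a fresh random challenge for every login attempt.
function newChallenge() {
  return crypto.randomBytes(32);
}

// Device: prove possession of the private key by signing the challenge.
function respond(device, challenge) {
  return crypto.sign(null, challenge, device.privateKey);
}

// Service: check the response against the stored public key.
function verifyResponse(record, challenge, response) {
  return crypto.verify(null, challenge, record.publicKey, response);
}

function demo() {
  const pw = enrollPassword('constructed-sample-password');
  const captured = 'constructed-sample-password'; // what an observer of one login sees
  const { device, record } = enrollKey();
  const c1 = newChallenge();
  const r1 = respond(device, c1); // what an observer of one login sees
  return {
    passwordReplayAccepted: verifyPassword(pw, captured),          // true
    keyLoginAccepted: verifyResponse(record, c1, r1),              // true
    keyReplayAccepted: verifyResponse(record, newChallenge(), r1), // false
  };
}
```

The service must track each challenge and accept it only once; otherwise a signed response could be resubmitted against the same challenge.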
