Microsoft is trying to kill the password, and it’s about time. This week, the company said the next test version of its stripped-down Windows 10 S operating system will strip out passwords as well, by default. If you go through setup as recommended, you’ll never get a password option.
Hayley Tsukayama | The Washington Post
But killing the password altogether will take more work and time — and the problem may get worse before it gets better.
Which is a shame. Passwords, we can surely agree, are the bane of modern digital existence. On a big-picture level, insecure passwords cause an estimated 80 percent of breaches, according to a 2017 report from Verizon. On a human level, they’re paralyzing; right when you need to access your utility bill, you can’t remember if you replaced the “a” with a 4 or an @ symbol. Or when, say, a missile alert has gone out to your entire state and you can’t find your password to give an all-clear.
Passwords have amassed their share of enemies. Microsoft’s latest move follows pushes from Apple, Google and others to shake up the old passcode and password system with fingerprint scans, face scans or temporary codes.
There’s no question passwords aren’t adapting to a modern age. “It’s quite clear to us that the era of the password is passing. Based on the significant amount of accounts that now exist, it doesn’t scale as a system,” William Beer, a principal at the business management consultancy EY, said.
Microsoft has been waging a war on passwords for a while. Like others, it has poured effort into other types of authentication, namely biometric scans of your face or fingerprints — it introduced facial recognition unlocking for Windows PCs in 2015. It has also built an app that you download onto your phone to provide an ever-changing code to act as your password.
“This relic from the early days of computing has long outlived its usefulness, and certainly, its ability to keep criminals at bay,” an official blog post from Microsoft said in December.
Now Microsoft is edging even closer to pushing passwords off a cliff, at least in its lighter version of Windows — though it’s worth remembering that not every feature that gets tested in early versions of operating systems makes it to consumers.
But we don’t have a lot of time to work on a slow revolution. The way we handle security is about to hit an even bigger test.
One reason passwords are awful is that there are so many of them. Dashlane, a password manager company, found in a survey of its own customers that they have an average of 130 accounts with passwords.
And password overload is poised to get worse before it gets better. Technology companies are doggedly pushing into more areas of our lives by giving “smarts” to any item that can accommodate a chip — from your toilet to your car to your bed. Securing all of those gets messy, and it’s not remotely feasible to think that you could create a secure, unique password for every home appliance. It’s equally chilling to think that they are collecting very personal data, and how important it is to have that information secured.