
February 5, 2015

Remembering Multiple Passwords is Passé

Posted by Dr. Ashutosh Saxena at 11:21 AM

Passwords have become even more difficult to remember and key-in, especially on small and cumbersome keyboards, which are common on mobile devices

Today, life does not move without a fast and robust Internet connection. Be it banking, insurance, booking a movie or travel ticket, or shopping, the Internet has become a crucial part of everything we do.

Moreover, the services and demand surrounding the Internet are increasing every day on both ends: the providers and the consumers. Of course, it all used to be a lot simpler: users sat at their desks and navigated the web from their large desktops and laptops. But they've moved en masse from the standardized world of PCs to the fragmented and diverse world of smartphones and tablets. With emerging mobile users and an equally mobile workforce, even applications have become mobile. They are no longer hosted at a centralized datacenter but in the cloud.

To further complicate things, what is available online has exploded with the growth of applications on social networks. Who isn't addicted to Facebook? When such solutions are executed over an insecure open Internet, there are chances of getting trapped, especially if a static user identity and its associated password are used frequently because they are simple and easy to use, anywhere and anytime.

However, for certain sensitive applications that need stronger forms of authentication, solutions such as hardware tokens combined with public key infrastructure (PKI) are used. Such strong authentication methods are complex and costly from both a computational and an economic perspective because their use is limited to special cases in enterprise workflow and online banking.

Today, information is spread across multiple accounts that are interlinked, enabling new kinds of attacks, each more damaging than the one before. Even when individual applications are secure on a standalone basis, their interaction with interlinked user accounts exposes new and unanticipated weaknesses in the security of these individual applications. Breaches have started to exhibit the domino effect, with each breach contributing to a subsequent one.

Passwords have become even more difficult to remember and key in, especially on small and cumbersome keyboards, which are common on mobile devices. This further motivates users to memorize one password and reuse it everywhere, perpetuating a vicious cycle of weakened security and increased friction in user experience. Higher friction frustrates users and increases failed logins, lowering usage and user engagement. Older forms of strong authentication were not designed to address today's problems either. Diversity in devices, locations, and applications results in a corresponding diversity in authentication use cases. Most strong authentication systems address only a subset of the use cases required by organizations.

I think there's a need, therefore, to have a universal mechanism that can make it feasible to generate dynamic passwords, which in turn can be used every time by the user. If they experience the same ease and convenience without any major external burden, you've just retained another happy customer.
