Will Your Password Need A Password?
from the better-security dept
If you hadn't realized it already, simple username/password combos are a pretty weak form of security - yet they're pretty much all we have for many important online systems that store our most vital information. While there are other solutions out there, many companies (especially in the US) have been incredibly slow in adopting "two-factor authentication" systems that require a password plus something else - such as a onetime code generated by a device you have to have with you (or built into your computer). The idea, then, is that if your password is revealed, no one else has the device, so it's useless. If they find the device, they don't have your password, so it's useless. However, so far, many users don't value this additional security very much - and the devices still aren't all that cheap. Plus, many companies are worried that users will react negatively to such systems as it may slow down the user experience - causing them to look for other (albeit less secure) alternatives. Then, of course, there's the worry that people will start using such systems that aren't compatible with each other, so you'll need separate devices for every account - which would be much worse than before. Others, such as those in the fingerprint scanning business think a biometric approach makes much more sense - but that leads to all sorts of other questions and issues. Still, as there are more and more cases of fraud and identity theft due to so much weak security, it seems increasingly likely that companies will be forced to adopt more secure methods.