While passwords are the way of the land on the internet, PayPal’s chief information security officer Michael Barrett says that passwords and PINs are obsolete and we need a new standard for security on computers and the internet. Barrett thinks that the next step is fingerprint scanners, which he believes will debut on smartphones at some point this year.
Speaking at the Interop IT conference, Barrett was quite positive that passwords will die sometime this year, even going as far as putting an image of a tombstone up on the screen that gave an “R.I.P.” to passwords. He says that passwords “are starting to fail us,” and that there are better, more secure ways to easily log into accounts in a secure manner.
On top of PayPal, Barrett is the president of the Fast IdentityOnline Alliance (FIDO), which is an organization that aims to change online authentication with an open standard that’s both secure and convenient to use. Barrett thinks that fingerprint scanners will be the wave of the future, and he even brought up rumors about the next iPhone coming equipped with a fingerprint scanner, as well as a handful of other new smartphones.
We can certainly see where Barrett is coming from. Passwords can be really easy to crack, especially if people use the same password for all of their accounts, which is inexcusable, but it makes sense, as many people don’t want to take the time to remember 20 different complex passwords. Two-factor authentication has been making the rounds, requiring users to log in using a password as well confirming their identity through a hardware device, but it’s inconvenient. Barrett thinks that biometrics is not only convenient, but also much more secure than passwords.
However, he noted that passwords simply won’t go away after biometrics are introduced. It’ll certainly take a while before a new standard can completely take over, especially considering that passwords have been the standard for so many years. So while we could see smartphones with integrated fingerprint scanners, it could be a few years before a new security standard takes over full-time.