They're also chronically weak, easily hacked and often forgotten. Meanwhile, security threats are becoming more complex and sophisticated.
An industry consortium known as the Fast IDentity Online (FIDO) Alliance is pushing to kill off the password for good and replace it with stronger, more secure identity authentication. The majority of online attacks and identity theft are connected to password theft, according to FIDO, which noted that people have too many accounts and passwords to remember and so reuse similar ones across sites (see graphic).
The group, founded in July 2012 by PayPal, Lenovo, Nok Nok Labs and Validity, received a major endorsement this week when Google, NXP and CrucialTec joined the effort.
Google gave up on passwords as the go-to security system some time ago. The search engine giant offers two-step authentication to help users secure their accounts. And its research team has floated the idea of a ring-authentication device embedded with a USB-connectable token — potentially including a YubiKey cryptographic card — which you would then plug in to your computer, register yourself, and once identified be able to access any account you choose.
FIDO is working on technical standards that will support any kind of replacement. FIDO wants to ensure that whatever replacement method someone opts for, whether it's a USB security token or Google's ring, can be used universally across all of their accounts.
The alternative, where folks have to use a variety of hardware and communication-based authentication devices like voice recognition, would certainly cause confusion. It would also reduce the likelihood people would adopt the identity authentication tools.