No one likes passwords as a standalone tool to authenticate users. Since 2012, many groups have moved to "kill the password," using that phrase specifically. Yet we'll end the year of 2019 as password-dependent as always.

The big picture: The adage goes that there are three ways to authenticate users: asking them for a thing they know (like a password), a thing they have (like a house key) or a thing they are (like a fingerprint scan).

  • "A thing you know" is the only one of these a hacker can guess.

Everyone wants to kill the password. Google wants to kill the password. Microsoft wants to kill the password. The National Cyber Security Alliance wants to kill the password. Yahoo wanted to kill the password in 2015. Cellphone companies tried to kill it in 2014.

"Passwords won’t even be mostly dead anytime soon, because the fatality won’t spread to legacy applications that are too expensive to retrofit," said Wendy Nather, head advisory chief information security officer of Duo Security, a Cisco-owned company that specializes in bolstering login security.

The intrigue: There are other options than passwords for consumer-friendly security.

  • A widely supported passwordless authentication protocol called WebAuthn is the most recent attempt to codify a global standard.
  • Microsoft and others offer apps that use cellphones to authenticate.
  • Google and Facebook allow users to log in once on their services and log in to other sites based on their go-ahead.

But, but, but: Users have a tendency to assume that authentication systems that are easier to use are less secure — that, somehow, the amount of effort it takes the user to do something is indicative of how difficult it would be for a hacker to break in.

  • The Facebook breach shows some of the dangers of using a website with multiple moving parts as a centralized clearinghouse of user authentication.
  • And, in general, for the security-savvy consumer, it's always safer to use multifactor authentication — say, a thing you have plus a password or a biometric plus a password.

Editor's note: Wendy Nather is the sister of David Nather, managing editor at Axios.
