Dec 23, 2018

Passwords are here to stay in 2019 and beyond

Photo: Oliver Berg/picture alliance via Getty Images

No one likes passwords as a standalone tool to authenticate users. Since 2012, many groups have moved to "kill the password," using that phrase specifically. Yet we'll end the year of 2019 as password-dependent as always.

The big picture: The adage goes that there are three ways to authenticate users: asking them for a thing they know (like a password), a thing they have (like a house key) or a thing they are (like a fingerprint scan).

  • "A thing you know" is the only one of these a hacker can guess.

Everyone wants to kill the password. Google wants to kill the password. Microsoft wants to kill the password. The National Cyber Security Alliance wants to kill the password. Yahoo wanted to kill the password in 2015. Cellphone companies tried to kill it in 2014.

"Passwords won’t even be mostly dead anytime soon, because the fatality won’t spread to legacy applications that are too expensive to retrofit," said Wendy Nather, head advisory chief information security officer of Duo Security, a Cisco-owned company that specializes in bolstering login security.

The intrigue: There are other options than passwords for consumer-friendly security.

  • A widely supported passwordless encryption protocol called WebAuthn is the most recent attempt to codify a global standard.
  • Microsoft, and others, offer apps that use cellphones to authenticate.
  • Google and Facebook allow users to login once on their services and log into other sites based on their go-ahead.

But, but, but: Users have a tendency to assume that authentication systems that are easier to use are less secure — that, somehow, the amount of effort it takes the user to do something is indicative of how difficult it would be for a hacker to break in.

  • The Facebook breach shows some of the dangers of using a website with multiple moving parts as a centralized clearinghouse of user authentication.
  • And, in general, for the security savvy consumer, it's always safer to use multifactor authentication — say, a thing you have plus a password or a biometric plus a password.

Editor's note: Wendy Nather is the sister of David Nather, managing editor at Axios.

Go deeper

Biden bets it all on South Carolina

Illustration: Eniola Odetunde/Axios

COLUMBIA, S.C. — Most Joe Biden admirers Axios interviewed in South Carolina, where he's vowed to win today's primary, said they're unfazed by his embarrassing losses in Iowa, New Hampshire and Nevada.

Why it matters: Biden has bet it all on South Carolina to position himself as the best alternative to Bernie Sanders — his "good buddy," he tells voters before skewering Sanders' record and ideas.

Coronavirus updates: Market ends worst week since financial crisis

Data: The Center for Systems Science and Engineering at Johns Hopkins, the CDC, and China's Health Ministry. Note: China numbers are for the mainland only and U.S. numbers include repatriated citizens.

The stock market ended its worst week since the financial crisis, prompting the Fed to release a statement. Meanwhile, the WHO warned that countries are losing their chance to contain the novel coronavirus and raised its global risk assessment to "very high" Friday.

The big picture: COVID-19 has killed more than 2,860 people and infected more than 84,000 others in over 60 countries and territories outside the epicenter in mainland China. The number of new cases reported outside China now exceed those inside the country.

Go deeperArrowUpdated 12 hours ago - Health

California coronavirus: Latest case has no recent history of international travel

Gov. Gavin Newsom. Photo: Kevork Djansezian/Getty Images

A new case of the novel coronavirus in California was announced on Friday after Gov. Gavin Newsom said Thursday that 33 people had tested positive for the virus, noting the risk to the public remains low.

What's new: An adult woman with chronic health conditions in Santa Clara County who "did not recently travel overseas" or come into contact with anyone known to be ill was confirmed to have contracted the coronavirus on Friday by CDC and California Department of Public Health officials.

Go deeperArrowUpdated 12 hours ago - Health