Kill the Password: A String of Characters Won’t Protect You

The full article originally appeared at www.wired.com.

“What we can say for sure is this: Access to our data can no longer hinge on secrets—a string of characters, 10 strings of characters, the answers to 50 questions—that only we’re supposed to know. The Internet doesn’t do secrets. Everyone is a few clicks away from knowing everything.

Instead, our new system will need to hinge on who we are and what we do: where we go and when, what we have with us, how we act when we’re there. And each vital account will need to cue off many such pieces of information—not just two, and definitely not just one.”

“In many ways, our data providers will learn to think somewhat like credit card companies do today: monitoring patterns to flag anomalies, then shutting down activity if it seems like fraud. “A lot of what you’ll see is that sort of risk analytics,” Grant says. “Providers will be able to see where you’re logging in from, what kind of operating system you’re using.””

 

Leave a Reply

Your email address will not be published. Required fields are marked *