We’ve seen in the past where people have used such words as ninja, jesus, 12345678, and password! I’ve talked about LastPass in the past and I really believe they are the best possible combination of the two. With the recent questions of password length and password strength, I have come to the conclusion that in the coming years people will be doing 3 factor authentication and having the passwords as a backup. It really would be nice to have two ways to authenticate and not have to put in a password.
3 factor authentication!
Three factor authentication is a simple concept. Since we have a password, we can simply use two other ways to authenticate, for example a cell phone and maybe a YubiKey. The password will be the backup for one or the other. If you lost your phone and still needed to authenticate, your password would be the one you could use in an emergency. Thus it really becomes 2 factor authentication, but since we could use all three to authenticate, it would make it that much harder for a hacker to mount a brute-force attack and get your sensitive data.
2 factor authentication!
Most people don’t think of this, but having a limited number of possible ways to access the important data can make it just that much harder and maybe get the hacker to go somewhere else. What about social networks? Do we really need that for social? I am thinking maybe, and it just depends on how you log in in the first place. I would love most of them to maybe let me authenticate with Google and come back to them, but that leaves a large hole. It just depends on how valuable your social status is and what the possible outcome is of someone getting a hold of that social network.
Some would call it “leet” speak, and I’ve heard people say this is something we should do in regard to making a password. I tell you now, we already have a list of the 2,000 most common passwords and I am betting it has some really good leet passwords already. So what makes a hacker not try those to hack your account? I would think these would be tried after the primary just because this would also be the easiest way to gain access to an account.
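An added example, not part of the original post: a password-creation check that undoes common leet substitutions before comparing against a common-password list, which shows why such substitutions add little protection. The word list and substitution table are constructed for illustration; a real deployment would load a full common-password list.

```python
from itertools import product

# Constructed stand-in for a real common-password list; the first four
# entries are the examples named in the post.
COMMON = {"ninja", "jesus", "12345678", "password", "letmein", "welcome"}

# Common leet substitutions (assumed table). A character may stand for
# more than one letter, e.g. "1" can be read as "i" or "l".
LEET = {
    "0": "o", "1": "il", "3": "e", "4": "a", "5": "s",
    "7": "t", "@": "a", "$": "s", "!": "i",
}

MAX_VARIANTS = 4096  # cap the fan-out caused by ambiguous characters


def deleet_variants(password):
    """Yield lowercase readings of password with leet characters undone."""
    choices = [LEET.get(ch, ch) for ch in password.lower()]
    total = 1
    for options in choices:
        total *= len(options)
    if total > MAX_VARIANTS:
        # Too many ambiguous characters: keep only the first reading of each.
        choices = [options[0] for options in choices]
    for combo in product(*choices):
        yield "".join(combo)


def matches_common(password, common=COMMON):
    """Return the common password this one reduces to, or None."""
    lowered = password.lower()
    if lowered in common:  # literal match, e.g. "12345678"
        return lowered
    for variant in deleet_variants(password):
        if variant in common:
            return variant
    return None


if __name__ == "__main__":
    for candidate in ["P@ssw0rd", "N1nj4", "J3$u5", "12345678",
                      "tangerine-orbit-42"]:
        hit = matches_common(candidate)
        print(f"{candidate!r}: {'reject, reduces to ' + hit if hit else 'ok'}")
```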
In Ten years!
I am pretty confident that in ten years we will see something like this happen and we will no longer be depending on a system that was developed in the late 1990s. We have to be ready for change and keep it. I just hope it happens sooner rather than later and that most companies jump aboard and help us get this implemented. I don’t know how hard this will be, but it will be nice to not have to worry about a password anymore with my bank or other financial institution.