recommended reading

What the future without passwords could look like

Pedro Miguel Sousa/

The end of the password is near. The brains at Google are experimenting with new authentication technologies for email, but it's not just our email that needs saving. Passwords everywhere don't work. The most optimistic thinking goes that with every new massive account info hack, companies will start adopting better technologies for protecting our user data, until one day the password is as much a relic as the floppy disk. For a look into what will come next, The Atlantic Wire spoke with security experts and analysts and the future without passwords involves a lot more passwords than we expected.

It Will Still Involve Passwords...

Despite Mat Honan's strong assertion in Wired last year that "the age of the password has come to an end," pretty much everyone we spoke with doubted that the password would disappear forever. The password will live. It just won't be the only means of security. "Most people will move away from relying on passwords as the only means of authentication," said Jeremy Grant, who heads The National Strategy for Trusted Identities in Cyberspace, a government organization working to advance the password ecosystem beyond passwords.

Rather, in the future, the password will be part of the security "constellation," as Forrester analyst Eve Maler put it. For the most important gateways to our lives, like email accounts, Google's 2-step authentication, which The Atlantic's James Fallows is a vocal proponent, combines a password and an ever-changing code sent via-text. The second aspect might look an awful lot like a password—Google texts a string of characters, for example. Or it might entail something more personalized, depending on the type of information we're trying to protect. But the password will still be in the mix.

While hacks loom, any extra steps means more of a burden for the user. Yes, having to go upstairs to get your phone is more annoying than remember 25 passwords. That hassle will never be worth it for certains things. Also, because of that perceived annoyance, it might take awhile for the multi-step thing to catch on, unless companies mandate it. 

Read more at The Atlantic Wire

(Image via Pedro Miguel Sousa/

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.