Think HBR

Death of the password inevitable

PW web
An alarming number of people still use login credentials that are extremely easy to hack, such as “password” and “123456”, putting them at serious risk of identity theft, an Australian security expert warned following new research. Andrew Clouston, founder and CEO of personal profile manager app MOGOplus (, said the difficulty remembering complex passwords across multiple sites meant too many consumers were using the same basic credentials across all of their accounts. This is highlighted by new research from online security firm SplashData, which revealed its annual list of most common passwords. The top 10 passwords were: 123456, password, 12345678, qwerty, abc123, 123456789, 111111, 1234567, iloveyou and adobe123.
These findings are similar to previous research by computer security consultant Mark Burnett who analysed 6,000,000 unique username/password combinations that have been leaked on to the internet following hacking attempts.
If you’re not using unique, strong passwords for each website you log into you’re just asking to be defrauded,” Clouston said. “Strong passwords are at least 12 characters in length and contain a mix of letters, numbers and symbols preferably in both upper and lower case.” Clouston said one of the biggest trends of the recent Consumer Electronics Show in Las Vegas in January was the effort to kill the password. Innovations on display included:
• Fujitsu PulseWallet which identifies you by scanning the unique pattern of veins on your hand.
• Bionym lets you use your heartbeat as a password.
• EyeLock iris scanning software that recognises users by their eyes
“The heartbeat, vein and eye scanner tech from CES coupled with what we’re already seeing with the iPhone fingerprint sensor shows that the humble password’s days are numbered,” said Clouston.
An industry working group dubbed FIDO, which includes representatives from Google, PayPal, Microsoft and Master- Card among others, is working to develop new standards for authentication that do not use traditional passwords.