Are passwords really the best we can do?

So by now, you have seen the news stories about the doofus hackers who are breaking into Ring cameras and scaring kids. And it turns out that these hacks were made possible by password re-use on the part of the camera owners. So, according to Ring, it is the victims’ fault. Case closed.

I hate blaming victims when bad things happen to them. Yes, re-using passwords is “bad security hygiene” and we should all use unique passwords for all of our accounts via a password manager. I do this, but I am a security professional. It is my job to be paranoid and spend time worrying about this stuff.

But you know what? Not everyone should have to be a security professional. It feels to me like the industry has failed users by designing systems that encourage bad security habits and that we still haven’t come up with something better than the password to keep attackers from spying on us, stealing our credit cards, or reading our secrets.

Password managers do work, and yes, they would have prevented this particular attack if used correctly, but let’s recognize them for what they are – a hacked-together band-aid solution to a problem that keeps getting bigger every single day. Rather than continuing to burden people who just want to use technology with more and more complex (and vulnerable) workarounds, isn’t it time we figured out a better way to secure the internet of things? I mean, if you believe the pundits, when 5G is rolled out, even more of the critical infrastructure is going to be internet accessible and passwords will become even more of a nightmare.

I think we can do better – there are plenty of smart people out there and I hope some of them are working on a better way of identifying and authenticating people than passwords. I mean, WE PUT A MAN ON THE MOON… oh great… now I sound like my crazy uncle… let’s just leave it there.

