The use of passwords dates all the way back to ancient times. The Roman military used watchwords, as they called them, to authenticate the rotation of soldiers on guard duty.
Computer passwords have been around since the 1960's. They were first used to secure access to files on a large computer system at MIT.
The computer password served it's purpose well back then, but was never intended for securing access to accounts on the internet. The man credited for creating the computer password even calls them a “nightmare” and “nuisance”today.
Why Passwords Are Problematic
Don't get me wrong. When used and handled correctly, passwords are still pretty good at keeping unauthorized people from gaining access to things like your online giving account. But despite best intentions, passwords aren't always handled with the proper care they need.
Let's take a look at some of the reasons why passwords are problematic.
Passwords are abused
Back in 2012, a study found that people had an average of 26 online accounts. Of those 26 accounts, the number of them that had a unique password was only 5. That means 81% of the accounts shared a password with another account.
If the same password is used for multiple accounts and is compromised, the password thief essentially has access to every one of those accounts. And if one of those happens to be your online banking account, that's bad.
So be smart. Don't reuse passwords across multiple accounts.
(Good) Passwords are hard to remember
If you have 26 different accounts, it's hard to keep track of all those passwords, right? I feel your pain.
To make things worse, good passwords should be complex and hard to guess, so it's usually recommended you include special characters in your password. Good luck remembering a password like t@3$!0idKD3a+ncW4%. Now picture trying to remember 26 others just like that! It's enough to make my brain melt down.
To help with this, the Password Manager was born. They're great at keeping track of the myriad of passwords we all have. Most browsers now have password managers built right in.
But here's the deal. The simple fact that you need a Password Manager in the first place is a signal that passwords themselves are a problem.
Passwords are out of your control
Let's say that instead of picking a password that's easy to guess, like your cat's name (sorry, Fluffy!), you are careful to choose a complex password that's strong and hard to guess. Once you submit that password to log in to an account, you're trusting the owner of the website to store that password responsibly. This means encrypting the password before storing it in their database.
The problem is that while this is accepted practice and basic Password Management 101, not all companies do this. If someone were to break into their system and steal your unencrypted password, they can now log into your account.
While I'd like to be able to give you a good remedy for this one, there's not much you can really do. It's up to the owner of the website to handle your password with care.
The only thing I can recommend here is to change your passwords often so in the event your password is stolen, they'll have access to your account only for a limited time. But again, when you have 26 accounts (or more), rotating your passwords is a real hassle.
A Password Alternative
Here at Txt2Give, we recently rolled out our new online giving option. Anytime we create a feature, we put a lot of thought into the user experience, and how we can come up with creative ways to make typical experiences better.
When we thought about the login experience, and the idea of forcing people to create yet another username and password, we didn't like it. It just didn't feel right. So we set out to do something different!
We've created a login experience we're calling Off-Screen Authentication. If you're familiar with 2-factor authentication using text messaging, it's similar, but with a twist.
With our Off-Screen Authentication process, instead of submitting a username and password to log in, people enter only their mobile number. On the next screen, they're presented with a temporary, random 4-digit number called a Secure Login PIN. Simultaneously, they are sent a text message to their mobile device asking them to verify the Secure Login PIN they see on their screen. Once they reply to the text verification message using the correct PIN, their browser automatically logs them in.
Here's a quick video that shows it in action.
The advantages to this login process are:
- No new password to keep track of
- A new Secure Login PIN is generated each time the user logs in, so there is no static password to be stolen or compromised
- A second, separate element (their mobile device) is needed to authenticate the user, which increases the likelihood that the authenticated person is indeed the authorized user of the account, not just someone who knows their password
As the number of online services we use continues to increase and technology advances, I believe the password will eventually die. Instead, you'll start to see alternatives like our Off-Screen Authentication, or more advanced methods like biometrics become the norm.