7 Reasons To Love Passwords
Passwords are often ridiculed, but there are some reasons they should be your nearest and dearest authentication factor.
When a database of passwords is compromised, it's relatively easy to revoke those credentials and replace them with new passwords. If a database of fingerprint scans is compromised, though, security administrators can't go around confiscating users' fingers and replacing them with new ones. Hardware tokens can be revoked and replaced, but that is a slow and expensive process.
You've got the same fingerprint forever, like it or not, but you can periodically fire your password and replace it. That may be every 90 days, whenever security policy mandates that the password expires, or whenever the mood strikes. When Jon and Suzie break up, he can change that painful J0nandsuz1e4eva! password to J0nandsuz!eNev3rAg@in! easily.
Normally the purpose of a password is to prevent others from accessing your resources, so it's not something you generally go around broadcasting. Nevertheless, there are times that you desperately need someone else to access your files for you when you're not present. In those cases, you can provide that person with your password much more quickly and easily than you can provide your finger.
Sure, you generally bring your fingers and retinae with you everywhere, but fingerprint and retina scanners aren't quite as readily available. You may tote that USB token around on your keychain, but plenty of devices don't have USB ports. A password, however, can be entered into any device with a keyboard, regardless of that device's age, version, or logo.
Although each retina is unique, you have only two of them, if you're lucky. Your fingerprints are similarly limited. Yes, they are harder to spoof or brute force than a mere password. Yet, if nefarious individuals get hold of the file of your scanned fingerprint, they can use that very same data to access any other account that requires a fingerprint.
In fact, you should have a number of passwords... maybe not a different one for every single account, though. Hear what Microsoft Research's Cormac Herley said about that on Dark Reading Radio.
Although a stack of a thousand different randomly generated eight-character passwords would be difficult to remember without the help of a password management application, the option is available. The option is not available on fingers and eyeballs.
You can make your password whatever you want (depending, of course, on the restrictions mandated by the password policy). More even than your fingerprint, a password can really say "you." You can use it to honor your true love (J0nandsuz1e4eva!) or your favorite movie (H@n&Le1a4eva!).
And you're a complex individual. So you can make as many passwords as you like, all of which say a little more about who you are in the secret depths of your soul.
You can manage those passwords all on your own, storing them in your brain, in a password manager application (if you trust it), or on a stack of Post-it notes (if you trust them).
Passwords get a lot of abuse. With every data breach come outcries for ever-stronger passwords or, better yet, no passwords at all. "Trash those combinations of letters, numbers, and special characters," they say, "and get yourself some biometrics and a hardware token."
Certainly the humans who use weak passwords deserve a modicum of ridicule or censure, but that doesn't mean that all passwords themselves are bad. As Corey Nachreiner wrote on Dark Reading yesterday: "Simply put, a password is a key. If you lose your house key through a hole in your pocket, do you blame the key when a burglar breaks into your house?"
Plus, there are certain things that passwords can do better than other forms of authentication. Here are seven reasons to love them above all others.
There are, no doubt, more reasons to love the humble password. They give you the opportunity to say, "What's the password?" in a croaky whisper like a spy or the doorman of a speakeasy. Frequently typing them into your mobile phone is good training for the World's Fastest Texter competition. Giving determined thieves your password is preferable to giving them your appendages.
Why do you love passwords? Why do you hate them? Let us know in the comments below.