Are Passwords Obsolete?

Are Passwords Obsolete?

With Google pushing the new U2F (Universal 2nd Factor from the FIDO alliance) will passwords be replaced with biometrics or a USB you keep on your key ring as a form of identification?

There are a lot of companies that have put their money behind U2F, but very few have implemented it yet. The largest hurdle that has to be overcome next is getting every user the equipment they need to use U2F. It will come as new mobile phones roll out with biometrics installed on them and as companies are willing to pay to send users USB keys, and configure their services to support U2F.

Although the USB keys are cheap ($5 to $60), most people will not pay that price for tech they do not understand. For end users the time to learn the How and Why and then find the U2F that is right for them is too much even with the new standard. This issue is going to have to be pushed by the companies who are willing to spend time and money to address it.

In the short term only a few people who are concerned about security will use this new tech. It will take many years and more passwords being stolen by hackers before the average company will see the benefit behind the cost.

In the longer term this standard or another like it will take over the market for secure online communications. Today there are only a few companies in this market, the leader in end user tech is clearly Yubico but as this market heats up there are sure to be many more.

Passwords are here to stay, however in the future they will be a smaller part of the authentication puzzle.

Hak5 on FIDO U2F and Google's 2-step verification from Yubico on Vimeo.