PayPal Exec Wants to Obliterate Passwords

If you spend any amount of time online, you'll know just how important passwords are. But are they on the way out? PayPal's chief information security officer Michael Barrett wants to remove the need for passwords completely. Aside from working for PayPal, Barrett is also president of the Fast IDentity Online (FIDO) Alliance, an organization that hopes to revolutionize authentication with a new, more secure protocol.

According to MacWorld, Barrett believes that our widespread use of passwords is making them less secure. Because people tend to reuse passwords rather than remembering a different one for every service they visit, Barrett says a user is really only as secure as the least secure place they go online. Furthermore, he wants passwords to die off.

"Users will pick poor passwords and then they'll reuse them everywhere," Barrett is quoted as saying at Interop late last week. "That has the effect of reducing the security of their most secure account to the security of the least secure place they visit on the internet."

FIDO is hoping to eliminate the need for passwords using a combination of hardware, software and the internet. More specifically, FIDO offers a range of solutions incorporating fingerprint readers, hardware tokens, and USB memory sticks as well as special software. The token verifies your identity and the software relays the FIDO protocol back to whatever website you're trying to access.

 

"For most people, they authenticate to a very small set of devices. The notion is you authenticate to your device and the device authenticates securely to a [website]," Barrett is quoted by The Register as saying. "The credentials that authenticate you to your device are stored securely in the device and do not leave it."

Barrett says we'll start seeing FIDO-enabled devices this year. However, it will likely be a while before the protocol becomes widespread enough to kill off the common password. Until then, the best thing you can do is use different passwords for every account, set up two-step verification wherever possible, and change your passwords often.

Further Reading

MacWorld

The Register

15 comments
  • aracheb
    This looks like a cross of interest here; it doesn't look like he wants to eliminate the password because it is creating problems. This looks like he wants to favor his personal company while pushing PayPal and the user to buy his personal company's crap.
    7
  • fudoka711
    Yes, it could be a conflict of interest (not cross), but he does have a point when he talks about people using dumb passwords and then using the same or similar ones across all their accounts. I don't really know if his mentioned method(s) are the best alternatives for the future, but something should be done.
    0