BU Today: Tired of Remembering All Those Passwords? Help May Be in Sight

Excerpt from BU Today | By: Rich Barlow | November 19, 2024 | Photo: iStock

Passwords have protected—and perplexed—people since they were invented during the Kennedy administration for a multiuser computer at MIT. The leader of that long-ago project more recently called passwords “kind of a nightmare.”

It doesn’t take a PhD in computer science to know why. Hackers can heist passwords, compromising your accounts, or in some cases, those of millions of people. We’re told to create many different passwords to limit that threat, but remembering them all is daunting. That’s why the world’s most common password (easy to remember—and to hack) is “123456.”

A story recently published in Vox asserts that “a world without passwords is in sight” thanks to passkeys: encrypted codes, stored on a device or password manager, that allow a user to log into websites and apps by using their fingerprint, a PIN, or facial recognition. They are impervious, passkey developers say, to phishers and cannot be stolen.

The list of major websites that support passkeys ranges from Amazon to Best Buy to Google to Walmart, though many keep a password as a backup if users lose track of their passkey.

BU Today asked Mayank Varia, an associate professor in BU’s Faculty of Computing & Data Sciences, whether passwords are bound for the way of the brontosaurus. “Security, just like life, is all about trade-offs,” he says. “The question is, what is the convenience-versus-security trade-off? And there’s a whole spectrum of options there, and I think [a passkey] is a reasonable choice within those options.”

Varia researches cryptography and serves on the United Nations Privacy-Preserving Techniques Task Team, which promotes laws and policies regarding cryptography and protected data analysis.
