



The Wall Street Journal has yet another article today telling us how terrible it is that we’re all still using passwords:

“Passwords are awful and need to be shot,” says Jeremy Grant, head of the National Strategy for Trusted Identities in Cyberspace, a task force created by President Barack Obama in 2011 to bolster online security. Despite all their flaws, passwords are so ubiquitous, cheap to use and entrenched in the architecture of websites and the rhythm of human behavior that efforts to supplant them have barely budged. “It’s the only piece of technology from 50 years ago we’re still using today,” says Brett McDowell, a senior Internet security adviser at eBay’s PayPal unit.

First things first: McDowell is wrong. We still use keyboards. We use monitors. We use hard drives. We use integrated circuits. Now, you might argue that we use way better versions of those things (except for keyboards, which inexplicably keep getting worse), whereas passwords are mostly just as primitive as they were in 1964. But that’s as far as you can plausibly go.

Anyway. Why do we still use passwords? Answer: for the same reason front doors still use simple locks. They may provide weak security, but they do provide some security, and they’re the only solution that’s both cheap and universal. So if you think it’s scandalous that we’re still using passwords 50 years after they were invented, then prepare to be even more scandalized by front-door locks. That technology is centuries old!

And then prepare to be even more scandalized, because none of the proposed replacements for passwords (fingerprint scanners, gesture identification, face detection, etc.) are either cheap or ubiquitous, and they’re not going to be anytime soon. No matter what your preferred solution is, it needs to become a standard and then get rolled out on every computer in existence. Please note: Not every PC. Every computer. Not every American computer. Every computer in the world.

So quit moaning about all this ancient technology. Passwords are going to be around for a while, no matter what the security gods of Silicon Valley would prefer. In the meantime, if you’re a user, use strong passwords. If you’re a corporation, encrypt your hash databases. If you’re a technology guru, put away the retinal scanners and alpha wave detectors and figure out a clever way to make passwords more secure. Passwords may be here to stay for a while, but they don’t have to be the Achilles’ heel of the entire internet.