The ubiquitous nature of smartphones and their ability to capture a variety of biometrics presents new and ambitious opportunities for simplifying our lives every day. Thanks to Touch ID, Apple Pay, smartwatches, and their Android equivalents, we’re able to pay for goods and services, access data and apps, and much more, all with the touch of a finger(print). But at the end of the day, we’re still using passwords, even celebrating them with World Password Day. Why?
Let’s take a look at a day in the life of the average password user, and what her life might be like without them.
An Unproductive Morning
Jamie wakes up to her phone alarm ringing on her bedside table and goes to hit snooze. Her phone requests a PIN to unlock, but luckily she has her fingerprint sensor enabled, so she swipes her thumb and the alarm snoozes for 10 more minutes.
During her morning routine, Jamie decides to check the news on her laptop over a cup of coffee. Once she wakes up her laptop, a prompt flashes on her screen requesting a password. In her not-fully-awake state, it takes two tries to enter, because she misspells it the first time, even though her password is just her dog’s name and her birth year, “Clarence1981.”
Finishing up her coffee, Jamie gets ready for work. Once she’s in the car she unlocks her phone with her fingerprint again and turns on her favorite podcast for the drive.
Even in the span of an hour or two, Jamie had to interact with some form of password four times. Luckily, the native fingerprint sensor on her phone saved her time and hassle for three of those events, but if you have an older phone you’re out of luck!
Beginning the Work Day
Once she arrives at work, Jamie sits down at her computer and turns it on. Once again, a password prompt appears on the screen, this time for her company’s Active Directory environment. Jamie surreptitiously lifts her keyboard to glance at the sticky note she hid underneath to see what she changed her password to the last time her IT policy required it. She types in “Clarence#2007,” the year she got him, and is logged in.
Once she’s online, she launches her browser and opens a few windows – her email, calendar, and a few apps she uses for work. In each one, a username and password prompt appears. Jamie waits a moment while her browser auto-fills each of these, tapping the “Login” button underneath, and a few minutes later she’s online.
In her email is a reminder to activate two-factor authentication by the end of the week per the new company policy. She deletes it without opening it and gets to work.
A few hours later, Jamie gets up to go to lunch and locks her computer, the familiar password prompt appearing on the monitor. She grabs her jacket and heads out for a meal with her team at a nearby restaurant. Once she arrives, she realizes she doesn’t have any cash on her, so she hits the ATM next door. After inserting her card, she taps in her PIN, “2007,” hits the Quick Cash button for $60, and grabs her receipt before heading back to the restaurant.
As Jamie’s day continues, we begin to notice a theme. Did you catch how many security errors Jamie made? Let me give you a hint: there were at least four. She uses a similar password for her work computer and her home one – her dog’s name and a year. She wrote her password down so she didn’t have to remember it. She lets her web browser autofill her passwords (which are also all likely similar phrases and numbers to her other ones). And she uses the same number from her work password for her debit card PIN. At least she locked her computer before leaving her desk.
A Password-Filled Afternoon
Jamie gets back to her desk after lunch and taps in her password, which she remembers this time, to log back in. She’s been away for long enough that some of her web apps have timed out, requiring a new login, but she lets her browser fill them in again and moves on. One service, however, pops up an alert, letting her know it’s time for her monthly password change.
Grimacing, she clicks on the prompt and taps in an updated password, “Clarence1957,” adding in her mother’s birth year this time. Instead of a confirmation, however, she gets an error message. Salesforce has updated its password best practices, requiring a special character now. She sighs and types it in again, “Clarence#1957,” and is rewarded with a confirmation screen. She quickly accepts the popup in the right corner of her browser window asking her if she wants to update the saved password for this site, and moves on.
Later in the day, Jamie has a meeting with her boss to discuss a project plan. She opens up the meeting link in her calendar and receives a prompt for a PIN to enter the conference line. She goes back to her email to look for the PIN but doesn’t find it. She then switches over to her email and searches for the reminder for the call. A minute later she finds it, copies the PIN and pastes it into the conference window. Her boss is already on the call waiting for her.
Jamie ends her work day and shuts her computer down before leaving the office. When she gets to her car she realizes she left her keys on her desk. It was a long day and the building is already shutting down, with the security guards gone for the night. Jamie has to punch in a PIN to unlock the building door. She pauses, trying to remember it. She enters it incorrectly twice before someone else from her office exits, allowing her to slip in. She grabs her keys from her desk and flips open a notebook, which has the door PIN scribbled on yet another sticky note, “4629.”
Jamie’s workday is full of passwords and PINs, and every time she encounters one she becomes more and more frustrated, even to the point of nearly getting locked out of her office and car. And she continues to use the same tactics to bypass best practices, using the same phrase for all her passwords and switching between various numbers that are easy for her to remember. But the day isn’t over yet…
A Peaceful Night?
Jamie unlocks her front door and heads inside. The familiar beeping nearby reminds her she needs to deactivate the security system. She flips on the lights and punches in an all-too-familiar code, “1981.” After kicking off her shoes and changing into more comfortable clothes, she sits down at her laptop and wakes it up to order dinner. She taps in her password and brings up her favorite site to order food. The familiar password prompt appears but her autofill enters it in for her and she has an order of sesame chicken and egg rolls on its way a few minutes later, already paid for by the card information she allows the site to store on record.
The rest of her evening is uneventful until she gets a text alert on her phone letting her know that her electricity bill is due. Sitting on the couch with Netflix up and Chinese food on her lap, she opens the browser on her phone and navigates to the utility company’s website. Once there, she’s prompted for her username and password. Jamie pauses, waiting for the autofill to enter it in before she realizes that it doesn’t work on her phone. Grumbling, she pauses the movie she’s watching, sets her Chinese food aside, and gets up to grab her laptop. She hops over to the website and gets her bill paid and goes back to her dinner, only to see Clarence has snuck some of her chicken off to eat while she was distracted.
If this sounds like an exaggeration, think again. How often do you need to enter a password, or forget one and have to reset it? How many accounts do you log into on any given day? Do you use a password manager? Do you let your accounts keep you logged in? Do you store your credit card information behind them? All of these actions could be putting you at risk. That’s why today, on World Password Day, we’re looking to say goodbye to passwords.
And these aren’t the only instances of using passwords you might encounter on any given day.
There are plenty of other times throughout the day when we have to use a password or PIN or present an ID. When traveling we need to verify who we are. When shopping we have to show ID or enter a PIN. At the doctor’s office. When using an ATM. We verify our identities thousands of times a day without really thinking about it, but in most cases, there’s little proof that we are who we say we are.
Soon, however, you’ll be able to use mobile biometric authentication in all of these instances. We already unlock our devices and authenticate mobile payments with a fingerprint. Why not prove our identity as well? Securely stored identity credentials, authenticated with our biometrics, would streamline all of these activities and provide more security at the same time. Authorize a payment with a selfie. Withdraw money from an ATM with 4 Fingers. And even authenticate against your digital insurance record.
Just think about how much easier life would be if you could use your fingerprints, face, or voice to perform the numerous tasks throughout the day that currently require a password. And the technology is already being deployed across the globe.