The Buggles song “Video Killed the Radio Star” came to mind today as I read headline after headline about Twitter’s plan to kill the password. Though the prediction that MTV would end the love of radio music wasn’t entirely true, the music video did change the way we looked at music.
So it’s also difficult to be totally convinced that the use of the password will end as the micro-blogging company announces its new initiative this week by introducing Digits, a new authentication service. Instead of using a password to sign in, with Digits, users type in a phone number and then receive a code via text to type in for authentication.
If you think that sounds a lot like two-step authentication, you are not the only one. That’s not a bad thing; rather, it is taking a good idea and updating it for today’s technology, as Tech Crunch pointed out:
This process makes more sense on mobile, not only because a username and password combination is something that’s a bit of holdover from the days where web was king, but also because in many parts of the world – and especially developing regions where smartphones are people’s only ‘computer’ – many users don’t have email addresses to use as their ‘username’ or logon ID. But they do have a phone number.
As Jason Hart, vice president of Cloud Solutions with SafeNet, told me in an email, Twitter shows that the time has come to bring security into the modern era and away from having to remember and reset dozens of passwords.
But at the same time, we’d be foolish to think that the password is going to be replaced any time soon. As Paul Rubens wrote in an eSecurity Planet article:
While passwords have got a lot of bad press recently thanks to some massive security breaches, the truth is that as an authentication system they can provide a very high level of security. Perhaps more important, a password is cheap to issue compared to two factor authentication systems that rely on hardware tokens or biometric systems that use fingerprint or voice recognition.
Like videos did for music, Digits and Twitter will create a buzz and, if it is successful, we will see more companies, particularly social media outlets and apps that depend on mobile access, turn to similar authentication methods. However, the password is going to stick around in one form or another. I would be surprised if the password ever truly disappears. To announce that Twitter has killed the password is premature, at best.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba