In Ask Me Some Questions And I'll Tell You Some Lies I discuss security questions and why they should be random like passwords, which I discuss in my post Pass The Word About Passwords. So, what exactly is wrong with the current 'Login' and 'Password' model?
I’ll use a familiar scene from the movies to illustrate what is fundamentally wrong with our current method of securing accounts. An unauthorized [spy] [detective] [insert your own character here] knocks on a door in a dark back alley in the hope of gaining entry. A tough-looking bouncer slides open a small window and asks something like, "What's the secret code?" or "Who sent you?". The bouncer is trying to validate the person at the door by asking for something the bouncer already knows: a shared secret. The detective supplies the right answer, and the door opens.
Nothing more was required of the detective to prove his identity, and so it is with logins and passwords: whoever turns up with the right string gets in, and nothing stops an attacker from doing exactly that to our accounts. As far as securing our data goes, this is really a twofold problem. First, we need to provide more than just the right answer to get into an account. Second, that something needs to be a thing no one else has or can get, including the site itself.
Sites hold onto our passwords by design. Like the bouncer at the door, they need something on file to compare against, and if what we send matches, we get access. At best that something is a salted, deliberately slow hash of the password rather than the password itself, but a stolen hash of a weak or reused password can still be cracked offline, which is one more reason the password itself needs to be random. This may have been a simple solution to a simple problem in the early days, when all that was needed was to make sure that only authorized persons had access to information in a pre-Internet world. We don't live in that world anymore, and that may play a part in why our account information is so often stolen and our accounts hacked.
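To make the "match what they have on file" step concrete, here is an added example of my own (not code from the original post) that contrasts a site storing the password itself with one storing only a salted, slow hash, and shows what an attacker gets from each record once the database leaks. The function names, the iteration count, and the sample passwords and wordlist are all constructed for this illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed for this example. A real site tunes the iteration count to its
# hardware and prefers a dedicated password hash (Argon2id, scrypt, bcrypt);
# PBKDF2-HMAC-SHA256 is used here only because it ships in the standard library.
ITERATIONS = 100_000


def store_plaintext(password: str) -> dict:
    """The weak design: the site keeps the secret itself on file."""
    return {"scheme": "plain", "secret": password}


def store_hashed(password: str, salt: Optional[bytes] = None) -> dict:
    """The better design: keep only a salted, deliberately slow hash (a verifier).

    The per-user random salt means two users with the same password get
    different records, so precomputed tables are useless against the dump.
    """
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"scheme": "pbkdf2-sha256", "salt": salt, "iterations": ITERATIONS, "hash": digest}


def verify(record: dict, attempt: str) -> bool:
    """The bouncer's check: does what was presented match what is on file?

    compare_digest is used in both branches so the comparison does not leak,
    through timing, how many leading bytes of the guess were right.
    """
    if record["scheme"] == "plain":
        return hmac.compare_digest(record["secret"].encode("utf-8"), attempt.encode("utf-8"))
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode("utf-8"), record["salt"], record["iterations"])
    return hmac.compare_digest(record["hash"], digest)


def attacker_with_leaked_record(record: dict, wordlist: list) -> Optional[str]:
    """What a breach hands the attacker.

    A plaintext record simply is the password. A hashed record still lets the
    attacker run the site's own check offline against a wordlist, with no
    rate limit or lockout, so a weak or reused password falls anyway; only a
    password that is not on any list survives.
    """
    if record["scheme"] == "plain":
        return record["secret"]
    for guess in wordlist:
        if verify(record, guess):
            return guess
    return None


if __name__ == "__main__":
    # Constructed sample data: one weak password and one random one.
    leaked_wordlist = ["letmein", "password123", "qwerty"]
    weak = store_hashed("password123")
    strong = store_hashed("vX9!qL2#mT7&wB4k")
    print("weak user cracked as:  ", attacker_with_leaked_record(weak, leaked_wordlist))
    print("strong user cracked as:", attacker_with_leaked_record(strong, leaked_wordlist))
```

The point of the example is the last function: hashing changes what a leak costs the attacker, but it does not change the fact that the site still holds something that can be attacked offline, which is exactly the "something they know and we know" problem this post is about.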
Two-factor authentication is a step in the right direction because it adds the burden of further proving our right to access an account. It requires us to provide additional information that only we would likely have at our disposal: a one-time code delivered by text message or, better, generated by an authenticator app on a device we hold. In my post titled The Two Step Verification Dance, I discuss the pros and cons of providing additional information to access our accounts. We are always trading security for convenience. Two-factor authentication is stronger than a password alone. However, as soon as we find it inconvenient we work around it (or flat-out disable it) by allowing devices to remember a login and by generating app-specific passwords. App-specific passwords weaken security because each one is a long-lived, static credential that opens a point of entry into the account that no longer asks for something we have. Not only are we explicitly allowing the site to validate with a password only, we are allowing the app to stay logged in indefinitely.
On a basic level, passwords are broken. Any time we rely on a site to retain something that they know and we know, we can almost bet on that information getting loose. We hear about account breaches and data leaks in the news all the time. These are companies that want us to use their services, and they need to do a better job of assuring us that they are doing everything technologically, and humanly, possible to safeguard our data. Fortunately, there is a community of security experts working to solve the login/password conundrum. It will take time for these newer solutions to reach the mainstream, and even more time for them to completely replace the traditional login and password method of validation. In the meantime, we have to keep ramping up security by continually improving our passwords, adding layers of protection, and being smarter about how we use technology.