Do you have any idea how many accounts and passwords you’ve used? I am not just talking about your bank, email and social media accounts, but also all the passwords for the online stores that you’ve bought from (even if only once in the last 10 years), the subscriptions you’ve taken out and the online services you’ve used. What passwords did you choose for those accounts? Chances are that you chose ones that were easy to remember – and to guess. And if you’re like me, you probably reused passwords. All these accounts and passwords are still out there, sometimes with your credit card details and other personal data attached.
More and more Internet services are realizing that the user name and password paradigm is obsolete. Every day, bank accounts are being hacked and Facebook identities hijacked because of failing authentication mechanisms. Expecting users to manage scores of unique, unguessable passwords is unreasonable and enormously increases the risk of identity theft and fraud. As for knowledge-based authentication, the huge amount of personal information on social media means that it’s dead – just about anyone can find your mother’s maiden name online.