As digital identity technologies continue to evolve, the future of passwords remains a subject of intense debate within the cybersecurity community. While many organizations are exploring biometric authentication, passwordless login systems, and other advanced identity solutions, some experts argue that eliminating passwords entirely could create unintended consequences. Beyond their role as a security mechanism, passwords represent a deliberate act of user consent, requiring individuals to knowingly participate in the authentication process. This perspective raises important questions about privacy, personal autonomy, and the balance between convenience and control as society moves toward increasingly automated forms of identity verification.
Some security people are advocating that the password (memorized secret) should be killed altogether, in many cases simply because it is unpopular.
I wonder if they are aware of what they mean by what they say. A society where login without users’ volition is allowed would be a society where democracy is dead. It’s a tyrants’ utopia.
Under an authoritarian regime where despots dictate, “non-volitional” identification tools disguised as authentication tools, which can be deployed on unconscious, insubordinate or even dead people, would be welcomed.
Democracy must require that individuals have the right not to have their identity authenticated without their knowingly confirming it. This volitional process can be achieved only by “volitional” identity authentication involving memorized secrets, such as passwords and expanded passwords (related article).
We know that biometrics, which relies on a fallback password, can by no means be an alternative to the password, that the password is an indispensable factor for multi-factor schemes and that the security of password managers and single-sign-on schemes needs to hinge on the most reliable password.
The password (memorized secret) is absolutely necessary. Don’t let it be killed.
