Passwords work on the simple premise that one way of proving your identity is by knowing a secret. There is a lot of talk about getting rid of passwords, moving to something like picture passwords, facial recognition, biometrics, or even getting a new Kinect sensor to verify that the person in front of the screen has the physical characteristics of the person that has access to the machine.
People don’t like passwords for a multitude of reasons including:
While passwords are imperfect, the reason that they have stuck around so long, much like the QWERTY keyboard, is that for the most part they get the job done for a lower cost than other solutions. A “more perfect” solution, such as smart cards or biometrics, does increase security, but for most organizations the benefit of the increased security doesn’t justify the cost of providing it. Put another way, while it’s worth spending $500 on a safe that protects $2000, it’s harder to justify spending $2000 on a safe that protects $500. In a high-security organization, smart cards and biometrics may make sense because the cost of someone gaining access that they shouldn’t have is so high. In most organizations the cost of someone gaining illegitimate access isn’t that high, so the money spent on improving security could be better spent elsewhere.
The only thing that will replace passwords is a solution that costs the same and provides noticeably better security. Until that happens, things like fingerprint readers and smart cards will only be used by a minority of organizations.