Any website developer knows the drill: you put up anything requiring a login, and people are usually going to pick the laziest possible weak password. As documented in Ars Technica’s lament on the failure of the password model, this problem has existed unabated for 30 years. Users are still just as sloppy about password security as ever.
Future web application designers might need to start thinking beyond the password. For instance, what if we tried some other methods of user authentication along with the password:
- A CAPTCHA field right by the password box, to stop automated brute force attacks.
- An additional field requiring some piece of data, such as year of birth.
- A drop-down menu of icons. Along with a password, users could select their favourite icon/avatar when they log in.
- A password suggestion feature. When picking a new password, users could enter their choice, then if it doesn’t pass the strength test, the feature could suggest stronger related passwords. For instance, for the dog’s name ‘Rover,’ the feature could suggest alternatives like 98R0v3R43.
- Just wait for the future when we have biometrics and you scan in using your thumbprint.
We like the last idea.