Passwords Aren't Going Anywhere

Heya,

As I mentioned in a Changelog podcast I was on earlier this year, I don’t think passwords are ever going away. They’ll always be an option for access to online applications, whether protected by customer identity and access management (CIAM) software or not.

In that podcast, we talked about other options for authentication, including the latest darling, passkeys. But passwords, strings of characters that someone must know and provide to gain access, just have too many advantages to ever entirely disappear.

Passwords are an old technology. The idea of a secret phrase which identifies someone is present in the 5th century Greek play, Rhesus. In the play, Odysseus and others venture into the Trojan camp because they know the password (“Phoebus”).

From a software perspective, the first computer passwords were used to protect the earliest multi-user system, CTSS at MIT. This happened in 1960, and the first password was stolen in 1962 by a grad student trying to get more time on the system.

Regardless of the history, passwords will never die. There are many reasons why they are a good choice for CIAM systems:

• Passwords have zero dependencies. Other ways to authenticate might require network access and depend on third-party systems like Google or your email provider. Or they might depend on you having access to a certain device or set of devices. Passwords have none of these restrictions. When a cloud provider has an outage or you’re in an area with poor connectivity, passwords still work.