Why Are Passwords Still a Thing?

Passwords aren't secure and they might never have been.
Image: Cathryn Virginia/Motherboard

For decades, experts have known that a simple alphanumeric password isn't enough to secure our identities online. Nowadays, stuff like two-factor authentication and SIM-jacking have become a constant of real life, signifying both an improvement and an existential threat to online identity management.

Now, with the Digital Age fully making our IRL lives and our internet lives inseparable, we’re in the midst of an online identity crisis. How can we truly secure our most protected secrets and data, beyond just typing in our usernames and passwords?

But there’s hope.

On today’s show, we’re talking to Wendy Nather, a veteran of the infosec world who knows a thing or two about identity and authentication. She's one of the top chief information security officers at the password security startup Duo Security—which was bought by Cisco in October for billions, signifying how seriously big tech is taking the future of identity verification.

Wendy’s central problem—which is really everyone’s problem—can we actually secure our identities online? And if not, can we manage the fallout of constant breaches? Should we leave passwords behind for good?