Passwords are everywhere. We use them for all kinds of accounts, from social networks to online banking.
Despite being so widespread, they have multiple problems. The most obvious one is that the majority of people choose simple passwords that are easy to guess. Some websites have tried to mitigate that by increasing the required complexity. Such passwords become more secure but also harder to remember. It is also worth noting that most passwords composed of multiple words, or with characters replaced by numbers, already reside in most dictionaries, making it fairly easy to brute-force them.
So what can we do instead? We can try password managers. They generate strong passwords and store them internally, so we don’t need to remember our passwords. Sounds almost too good to be true. And too good to be true it is: the password manager needs protection as well. How is it protected? Passwords, usually. So basically you trade all of your other passwords for one, and if someone guesses this password, they get access to all the other ones, most of the time along with the usernames!
Another idea comes to mind: let’s use biometrics! It’s incredibly convenient to just tap the fingerprint sensor on your phone, look at your phone to have it recognize your irises or face, or sometimes even speak a phrase. Unfortunately, such convenience comes at a price: security. Biometrics always sit somewhere on a line with two ends, one being security, the other convenience: what is convenient is generally less secure, and what’s secure is less convenient.
Most of our biometrics are focused more on the convenience side. For example, fingerprints have been made of silicon from a photo: https://www.theguardian.com/technology/2014/dec/30/hacker-fakes-german-ministers-fingerprints-using-photos-of-her-hands, some iris scanners can be fooled by a photo, and FaceID, as secure as it is made out to be, was fooled by a $200 mask: https://www.forbes.com/sites/thomasbrewster/2017/11/27/apple-face-id-artificial-intelligence-twin-mask-attacks-iphone-x/#6bcfa8962775. There’s another downside to biometrics: unlike passwords, once they are compromised, you can’t change them. If your password is made public, all you have to do is change it, but you can’t change your fingerprints, and you leave your fingerprints on everything you touch! The same goes for iris scanners and face scanners.
So what’s to be done here? One thing really: use multi-factor authentication. Whereas your passwords or biometrics can be figured out, it’s a lot less likely that your 2nd or even 3rd-factor authenticators will be compromised.
I would also suggest looking at lists like this one: https://en.wikipedia.org/wiki/List_of_the_most_common_passwords. If your password ever appears on one of them, do yourself a favour and change it!
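The points above about word combinations, character-for-number swaps and common-password lists can be turned into a check that a signup form runs before accepting a password. This is an added example, not part of the original post; the word lists are small constructed samples, and the substitution table and function names are assumptions.

```python
# Constructed sample data: a real deployment would load a full common-password
# list and a full dictionary; these few entries are for illustration only.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "iloveyou"}
DICTIONARY = {"correct", "horse", "monkey", "dragon", "sun", "shine", "summer"}

# Typical character swaps, mapped back to the letters they stand for (assumed table).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def candidates(password):
    """Return the plain forms a guessing dictionary would already contain."""
    lowered = password.lower()
    # Trailing digits and symbols ("2024!", "1") are the usual padding.
    stripped = lowered.rstrip("0123456789!?.#*")
    forms = {lowered, lowered.translate(LEET), stripped, stripped.translate(LEET)}
    return forms - {""}


def splits_into_words(text, words):
    """True if text is a concatenation of one or more entries from words."""
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(
            reachable[start] and text[start:end] in words for start in range(end)
        )
    return reachable[-1]


def weakness(password):
    """Return the reason a password should be rejected, or None if none is found."""
    forms = candidates(password)
    if any(form in COMMON_PASSWORDS for form in forms):
        return "common password"
    if any(splits_into_words(form, DICTIONARY) for form in forms):
        return "dictionary words"
    return None


if __name__ == "__main__":
    for sample in ["123456", "P@ssw0rd1", "Sunsh1ne", "Dr4gon2024!", "vT9#kq2Lx&fW"]:
        print(f"{sample!r}: {weakness(sample) or 'no match in sample lists'}")
```

A result of `None` only means the password was not found in the lists supplied; it is not a measure of strength.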