Rather, in the future, the password will be part of the security "constellation," as Forrester analyst Eve Maler put it. For the most important gateways to our lives, like email accounts, Google's 2-step authentication, which The Atlantic's James Fallows is a vocal proponent, combines a password and an ever-changing code sent via-text. The second aspect might look an awful lot like a password—Google texts a string of characters, for example. Or it might entail something more personalized, depending on the type of information we're trying to protect. But the password will still be in the mix.
While hacks loom, any extra steps means more of a burden for the user. Yes, having to go upstairs to get your phone is more annoying than remember 25 passwords. That hassle will never be worth it for certains things. Also, because of that perceived annoyance, it might take awhile for the multi-step thing to catch on, unless companies mandate it.
The Mobile Password
As far as extensions of our beings go, mobile phones do a pretty great job. Google's 2-factor process uses text messaging because people often have their phones right there with them. Cell phones are small, light, and mobile. But, they're also secure. Because of that and the proliferation of smartphones, Maler expects other companies will join this trend. (Some already have, PayPal for example has a very similar process as Google.)
The possibilities, however, extend beyond texting. Google, for example, has an Authenticator app that generates the code needed for the second part of authentication, changing the password every 10 seconds. Another company working with Grant, for example, is working with push notification technology, you know, those little alerts that pop up on smartphones when things happen. "You enter a username, the app pops up on your phone, asking you to push the green button or to push the red button," he explained. "Suddenly instead of having to carry an extra card, it's just an app on your smartphone."
A Computer That Recognizes You
It's possible, too, that the Internet could validate us without the middle-man. Those mobile solutions use our phones to say "this is the right person." In the future, computers might be able to just know it's us. "The system to just be able to recognize that you're exhibiting behavior that is you," said Grant. Banks already do this, to an extent. If someone makes a transaction from an obscure location, for example, that will trigger an alert. But, these systems could get smarter.
"There are companies that have been out there for years, looking at things like key strokes as biometrics," notes Grant. DARPA is researching that "keystroke dynamics" idea, for example. "Or with touch screens, you might have a certain pattern that you tend to use," he adds. Instead of an app on your phone, companies might require a mobile voice, facial, or eye-scan recognition for certain types of transactions.