Facebook’s head of security wants passwords to just die already

Alex Stamos, Facebook’s global head of security, has something to say about passwords. They have to go. Speaking at Irish tech conference Web Summit, Stamos said on Wednesday that he wants now-ubiquitous passwords — used to secure everything from social networking profiles to laptops and bank accounts — to become “a thing of the past.” He argued that the passwords came out of having multiple users on mainframe computers in the 1970s: They “make no sense in 2015.” So what comes next? Stamos doesn’t pretend to know for sure. But he called on the security industry to be more tolerant of trials as people try to figure it out. “In security we’re not very good at experimenting and letting people fail … We need to be more open about letting people move forward and try new [options] and make mistakes,” he said, “without it being a massive scandal.” As more smartphones and devices become able to read biometric data (like fingerprints or irises), such scanners become an increasingly viable way to authenticate identities. Another possibility is use of two-factor authentication: Using a second device (typically a smartphone) to verify someone trying to log in is who they say they are. This doesn’t necessarily do away with passwords altogether — but does reduce reliance on them.