Passwords are vulnerable. Every month at least one major hack or data leak takes place in which millions of records, including passwords, are exposed or stolen. On the dark web the underground market for passwords and other identity details is thriving.

Because of their inherent vulnerability are we seeing the slow decline of the password? If so, what will replace it and what will we be using five years from now? We can get some insight by looking at how today’s developments are evolving from their password roots and how they will shape the future.


Iris, fingerprint, voice and face readers are some of the most common uses of ID authentication today. In fact, in establishments were security is number one priority they have been in use for a long time. Today, fingerprint authentication is mainstream and the use of face recognition is also gaining ground. In financial services a user simply snaps a selfie and links it to their payment card.  Sounds great, but biometrics have a crucial vulnerability. All of us only have one face, two retinas and 10 fingerprints. They represent passwords that can’t be reset if they’re compromised. In 2015, for instance, a database containing the fingerprints of 5.6 million U.S. federal employees was breached.

Zero login

Zero login is the use of unique behavioral characteristics such as typing patterns, location and occupation to verify identity. It enables you to log you into applications and online services without needing to do anything.
Recent iPhone models already allow the user to change the pressure of their home button and to detect and remember signals from other devices such as your car or headphones. But how do you know when you have successfully logged out? If your phone is collecting all of this information about you, how is it being protected and where is it being sent? 

Implanting microchips

How do you like the thought of inserting a tiny microchip into your body, the equivalent of a password? This idea has been around a while. But today a Swedish company Epicenter, and a few others, have made employee micro chipping available on a wide scale to replace passwords and keys. Employees can enter buildings, open doors, access computers and so on by just placing their micro-chipped hand next to the reader.

Brain passwords

A person’s brain password is a digital reading of their brain activity while looking at a series of different kinds of pictures and objects.  A person is initially authenticated with a passport, other identifying paperwork, or having fingerprints or face checked against existing records. Their brain waves when responding to different stimuli reveal a unique biological brain structure which in turn creates a brain password. The two together create a unique password that can’t be replicated.

DNA identification

DNA-based authentication is not far away. Qatar and Estonia already take DNA readings of citizens to map out and get ahead of potential health problems such as disease outbreak while recommending lifestyle choices. But much closer to home, a new social platform is planning to introduce DNA-based ID so the potential for fraud on the platform is effectively killed at birth. The platform readily admits it’s a difficult and complex project, not least securing the DNA prints. If the ethical and security hurdles are overcome this may well take off given the potential to wipe out online fraud.

Five years from now

So what types of passwords can we expect to see in five years? All of the methods mentioned above have an inherent flaw, how can you store the information securely and guarantee that it won’t be hacked.  It’s the same issue faced by today’s use of passwords with the exception that these new authentication methods are near impossible to imitate.

As such we’re likely to see each of the above areas gaining ground in different areas. But most likely biometric-based identification will be the front runner used in conjunction with two-factor authentication (2FA) to provide an extra layer of security. And as for micro-chipped employees, it will likely be regarded as an oddity, in which password security wandered down a remote bypath and was adopted by a small few. Or at least we hope so.