Hackers have recently exposed thousands of usernames and passwords on the Internet. Two of the most recent breaches involved Yahoo Mail and Bell Canada.
This has called into question the security of passwords altogether.
Cyber security expert Jose Fernandez of l’école Polytechnique said as long as passwords, encrypted or not, are stored in databases, hackers will inevitably be able to gain access.
"The password, as we know it, is dead," he said.
Fernandez says two-factor authentication is the key.
“You would use a device or a phone, and that phone generates a one-time password, it’s a code that changes every minute,” Fernandez said.
That code would be used in conjunction with your password, so even if your password is revealed, a hacker could not gain access without your rotating security code.
Some services, like Google, Facebook and Twitter, already use two-factor authentication, but each service uses different tools and platforms, making the whole process unfriendly.
“We want, as users, to have one app on the phone in which we have a code for my Google, Facebook, Twitter and for any website that I log onto,” Fernandez said. “Right now, there is not a standard that has imposed itself.”
Fernandez said for any standard to be established, competitors would have to band together.
Companies that hold confidential user information, such as retailers that collect credit card numbers, could do more to protect private data, Fernandez said.
“They’re not feeling the legal actions, and they’re not feeling the financial pain,” he said, adding that they are therefore not investing enough and hiring the right people to build the fortress around their servers.
A recent private member’s bill to amend the Personal Information Protection and Electronic Documents Act was put forward in the House of Commons, but was defeated by the Conservatives during second reading on January 29th, 2014.