On the latest episode of Too Embarrassed to Ask, Kara Swisher and Lauren Goode spoke to Jeffrey Goldberg, 1Password’s Defender Against the Dark Arts — and yes, that is his real title. Password managers like 1Password create hard-to-guess passwords for you to use all around the web, remembering them so you don’t have to.
Goldberg answered your questions about the future of passwords and password management, including the big one: Are passwords here to stay? Or are we going to come up with something better?
“When I first started worrying about the password problem, I and some other people came up with various schemes and we thought we were going to more or less eliminate passwords, for the most part, within the next five years,” Goldberg said. “That was in the mid-90s. Since then, I’ve seen proposals to eliminate passwords come and go.”
Of course, a lot of people might expect that fingerprint sensors like those found on many smartphones, and face scanners like the one on the new iPhone X, could do away with secret strings of numbers and letters. But Goldberg isn’t so sure that those are a good idea for protecting online accounts like your email and bank records.
“Consider what happens when a server is breached and you’re told you have to change your password,” he said. “You’ve got to change your password for that service, and every other service where you’ve re-used that same password. Changing your fingerprint is a little bit harder.”
“I’m not saying there isn’t a place for biometrics,” he added. “Used for local authentication, they’re actually really good. But a fingerprint or your face are not secret. They’re really just another form of your mother’s maiden name. They’re things that maybe not everybody has access to, but they’re not designed to be secret, like a password.”
Goldberg stressed that 1Password does not know or track what sites its users visit, or how often they visit them. That’s a big difference from those “Sign in with Facebook” buttons you see peppered across the web, commonly referred to as “single sign-ons,” he said.
“One of the difficulties with those is you are letting Facebook or Google or whatever service you’re using know exactly when you’re signing into what,” Goldberg said. “That might be fine for some people. But generally, the security technology community cares deeply about privacy, and so we tend not to push for systems that would be inherently non-private.”
Have questions about passwords that we didn’t get to in this episode? Tweet them to @Recode with the hashtag #TooEmbarrassed, or email them to TooEmbarrassed@recode.net.
This article originally appeared on Recode.net.