I’ve read articles suggesting that passwords will eventually go the way of the dinosaur only to be replaced by biometrics, PINs, and other methods of authentication. This piece claims that Microsoft, Google, and Apple are decreasing password dependency because passwords are expensive (to change) and present a high security risk. On the other hand, Dr. Mike Pound at Computerphile claims that we will always need passwords (I think this is the correct video).
But as this wonderful Security StackExchange thread notes, biometrics are not perfect. Granted, the criticisms are roughly six years old, but still stand. Moreover, and perhaps I have a fundamental misunderstanding of how biometric data is stored, but what if this information is breached? Changing a password may be tedious and expensive, but at least it can be changed. I’m uncertain how biometric authentication address this problem–as I cannot change my face, iris, fingerprint, and etc.–or if it needs to address this problem at all.
Are those who argue that we can eliminate passwords prematurely popping champagne bottles or are their projections correct?