Passwords are not as secure as many think – and it’s best if we don’t even know them. In a recent podcast, Julia O’Toole covered the weaknesses inherent in passwords – such as loss or theft – and steps that institutions should take to improve their defences. “There’s a big confusion in business in general, between authentication and identification,” said O’Toole, “but the confusion has really created a mismatch of solutions, which amplify the problem of access insecurity. So, when it comes to authentication itself, the misconception about passwords is that you actually need to know them.” By segmenting systems, taking password management out of users’ hands, and using proper authentication, companies can defend against the disastrous consequences of password loss. “No one needs to know a password ever”, O’Toole concluded.