4 Ways Passwords Are Going The Way of The Dinosaur

Passwords have been with us for thousands of years. They’ve been used in secret societies, club houses, bootlegging operations in 1920s USA, and now they’re very commonly used as a way to authenticate into our devices and our accounts on the internet. But who says we have to use passwords for everything? Do we really need to type a phrase every time we log in to our computers? Is there a viable alternative? Depending on how much you know about authentication, you’ll probably be surprised at some of the answers to these questions. Let’s explore the ways in which we’re rendering passwords a thing of the past!

[Image: passwordobsolete-fingerprint]

You’ve seen it in Hollywood films: A secret agent uses his voice, his retina, a fingerprint, or even a strand of hair to gain access to a secure zone. This is known as biometric authentication. It involves taking pieces of data completely unique to your body and matching it with a database entry. The two most popular forms of biometric authentication are fingerprints and retina, with fingerprints being the most straightforward and affordable out of the two to implement. You’ve seen it in Apple’s iPhone 5S, and you’ll likely see fingerprint scanning reach other devices that want to add a little bit of security.

There are several ways in which biometric authentication can be more secure than a password. First of all, it is harder to steal. Fingerprint data is much longer than a password and, depending on the encryption method used to store the data for matching, it will take far more machine power for a hacker to crack your fingerprint than your password. In addition, a hacker would need physical access to you in order to get a fingerprint sample. Either approach is highly costly (again, depending on the encryption method used to store your biometric data).

Here’s another thing you can remember, perhaps even better than some lousy word with a bunch of numbers attached to it: Patterns on a still image. Both Windows 8 and the most recent versions of Android support this kind of authentication, and it involves drawing a shape on top of a background (or, in the case of Android, connecting a set of dots in a particular way). You can see an example of what I’m talking about below.

[Image: passwordobsolete-pattern]

In Windows 8, as I’ve mentioned earlier, there’s a similar method with a bit of a twist. Microsoft calls it a “picture password.” It involves properly drawing patterns on top of a still image, as shown below.

[Image: passwordobsolete-picturepassword]

It’s still unclear how secure these two methods are, but they certainly can be frustrating for people who are trying to snoop in on your devices when you’re not looking!

[Image: passwordobsolete-face]

Although it’s still a form of biometric authentication (see above), I have decided to give facial recognition its own category, since it records bodily features at the macro level and handles this data slightly differently than fingerprint and retina scanning. Facial recognition deals with data about your body – more specifically, your facial features. The simplest facial recognition software uses the distance between your eyes as a reference point. More sophisticated software will even store data about your bone structure, your lips, and practically every other factor that makes your face yours.

Unlike other forms of biometric authentication, facial recognition will only help you if you don’t have an identical twin, or you don’t happen to come across someone who looks very similar to you. In very homogeneous cultures, many of the people living within an area may look very similar and have facial features that can trick software into thinking that they are actually you. This doesn’t happen so much anymore, but the twin problem I mentioned two sentences ago is still an issue if you’re using some cheap software. It takes highly sophisticated algorithms and detailed images to actually tell identical twins apart.

I certainly don’t see this method being used widely in highly-secure environments (such as the NSA or CIA), but I can see it becoming a natural part of our lives in the technology we use every day.

[Image: passwordobsolete-sso]

Single Sign-On (SSO) is a form of authentication that involves signing in once to a server that stores your passwords and then logging in to all your web services one click at a time without having to type another password all day. This doesn’t make passwords completely obsolete, but it does eliminate them (for the most part) from your life. What if you could log in to one portal where you’ll be able to automatically log yourself in to anything without having to use a password? Less hassle, more fun and cat pictures!

The best SSO software will perform encryption and decryption of your password data on your machine, and will safeguard you even against the provider’s employees (the possibility of sabotage should never be discounted). So far, the only SSO that meets these criteria is PerfectCloud’s SmartSignin platform.

The next time you unlock your phone or log in to your computer using a fancy method, think of how far we’ve come in such a short time. Passwords might become a thing of the past soon, and we’ll be laughing about the days when we had to actually memorize a whole bunch of phrases just to check our mail and see family pictures. If you have something constructive to add to this, leave a comment below!

13 comments

  1. The problem with passwords is not so much with securing your devices; it is all the different formats required by many websites.

  2. Ah yes, isn’t it wonderful how many “standards” we have. A new authenticator is coming to market, I’m told next month, NYMI, a bracelet with built-in circuitry that can record limited but sufficient electrocardiographic data to authenticate the user. EKG literature reports accuracy, provided the user has no arrhythmia. Intriguing.
    CSP MD

  3. Nice article. Re item 4, SSO with encryption on your device, does LastPass fit your criteria? I use it, haven’t heard of PerfectCloud; LastPass has some pretty good reviews.
    Also, some serious security folks are experimenting with facial recognition as a component of security policy, with systems that will blank everyone’s screen if an unrecognized or unregistered face enters a secure room.
    Cheers
    Vic Church

    • Re LastPass: It’s relatively safe, but I wouldn’t use it in a corporate environment. PerfectCloud’s SmartSignin works better for people who plan to bring their devices to work (BYOD), or if you just want to have a simple SSO platform you can rely on. I think most people can use LastPass safely, although its ease of use and security aren’t as good.

      Re Facial Recognition: That sounds awesome. For the most part, it’s very secure, but I don’t see the NSA or CIA using it any time soon :D

      • Hence why it’s important that keys don’t get stored on-site. It’s important to have end-to-end encryption with the key dependent upon user input.

  4. “Re Facial Recognition: For the most part, it’s very secure, but I don’t see the NSA or CIA using it any time soon”
    They use retinal scans.

    When fingerprints and retinal scans come into wide use, mutilations (cutting off of fingers and/or hands and gouging out of eyes) will also come into wide use.

    • Newest finger / palm vein authentication methods require actual “living” tissue, meaning that mutilations will make no sense / kidnapping however ….

      • If you are the victim, does it make a difference? :>(

        Chances are witnesses will not be tolerated.

  5. Keyloggers were developed to capture keystrokes. Something analogous can be developed to capture pattern recognition and biometric data.

    If one suffers a significant facial injury, one may not be able to log into one’s computer using facial recognition.

    • Indeed! This is mentally provoking, isn’t it? I mean, trying to find a fail-proof solution to authentication is very difficult. But most biometric systems also include a failsafe token or PIN that changes algorithmically over a period of time. For example, smart token devices are often used for authentication into corporate systems, and if a keylogger captures your token now, it won’t be able to login once you use it, since it’s a one-time password (OTP).

      This may be a great fail-safe or supplement for authentication systems that must protect highly sensitive material. The only way to circumvent it is to steal the biometrics of another person **and** steal that person’s token key so that you can type in the OTP required to finalize authentication. What if the OTP is implanted in the person’s skull? We may end up with very interesting security measures like implantation eventually, and this will lead to security we may have never even dreamed of!

      Of course, hackers always get smarter. We’re constantly fighting a battle.

