Passwords have been with us for thousands of years. They’ve been used in secret societies, club houses, bootlegging operations in 1920s USA, and now they’re very commonly used as a way to authenticate into our devices and our accounts on the internet. But who says we have to use passwords for everything? Do we really need to type a phrase every time we log in to our computers? Is there a viable alternative? Depending on how much you know about authentication, you’ll probably be surprised at some of the answers to these questions. Let’s explore the ways in which we’re rendering passwords a thing of the past!
1: Biometric Authentication
You’ve seen it in Hollywood films: a secret agent uses his voice, his retina, a fingerprint, or even a strand of hair to gain access to a secure zone. This is known as biometric authentication. It involves taking pieces of data completely unique to your body and matching them with a database entry. The two most popular forms of biometric authentication are fingerprint and retina scanning, with fingerprints being the more straightforward and affordable of the two to implement. You’ve seen it in Apple’s iPhone 5S, and you’ll likely see fingerprint scanning reach other devices that want to add a little bit of security.
There are many ways in which biometric authentication can actually be more secure than a password. First of all, it’s more difficult to steal. Fingerprint data is much longer than a password and, depending on the encryption method used to store the data for matching, it will take much more machine power for a hacker to crack your fingerprint than your password. Added to that, a hacker would need to have physical access to you in order to get a fingerprint sample. Either of those methods is highly costly (again, depending on the encryption method used to store your biometric data).
2: Pattern Recognition
Here’s another thing you can remember, perhaps even better than some lousy word with a bunch of numbers attached to it: patterns on a still image. Both Windows 8 and the most recent versions of Android support this kind of authentication, and it involves drawing a shape on top of a background (or, in the case of Android, connecting a set of dots in a particular way). You can see an example of what I’m talking about below.
In Windows 8, as I’ve mentioned earlier, there’s a similar method with a bit of a twist. Microsoft calls it a “picture password.” It involves properly drawing patterns on top of a still image, as shown below.
It’s still unclear how secure these two methods are, but they certainly can be frustrating for people who are trying to snoop in on your devices when you’re not looking!
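To put a number on the Android case, the following added example (not part of the original article) counts every pattern the lock screen can accept. It assumes the standard Android rules, which the article does not spell out: a 3x3 grid, 4 to 9 dots, each dot used once, and no stroke jumping over an unused dot. The function names are illustrative.

```python
from math import log2

# Dots are numbered 0..8, row by row:
#   0 1 2
#   3 4 5
#   6 7 8

def middle_dot(a, b):
    """Return the dot lying exactly halfway between a and b, or None."""
    (ra, ca), (rb, cb) = divmod(a, 3), divmod(b, 3)
    if a != b and (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
        return (ra + rb) // 2 * 3 + (ca + cb) // 2
    return None

def count_from(current, visited, remaining):
    """Count the ways to extend a partial pattern by `remaining` more dots."""
    if remaining == 0:
        return 1
    total = 0
    for nxt in range(9):
        if nxt in visited:
            continue  # each dot may be used only once
        mid = middle_dot(current, nxt)
        if mid is not None and mid not in visited:
            continue  # a stroke may not jump over an unused dot
        total += count_from(nxt, visited | {nxt}, remaining - 1)
    return total

def patterns_of_length(n):
    """Number of valid patterns that connect exactly n dots."""
    return sum(count_from(start, {start}, n - 1) for start in range(9))

def keyspace_report(min_len=4, max_len=9):
    """Return (per-length counts, total patterns, equivalent bits)."""
    counts = {n: patterns_of_length(n) for n in range(min_len, max_len + 1)}
    total = sum(counts.values())
    return counts, total, log2(total)

if __name__ == "__main__":
    counts, total, bits = keyspace_report()
    for n, c in counts.items():
        print(f"{n} dots: {c:>7,} patterns")
    print(f"all patterns : {total:,} (~{bits:.1f} bits)")
    print(f"4-digit PIN  : {10**4:,} (~{log2(10**4):.1f} bits)")
    print(f"6-digit PIN  : {10**6:,} (~{log2(10**6):.1f} bits)")
```

The total is 389,112 patterns, which sits between a 4-digit and a 6-digit PIN. This counts possible patterns only and says nothing about which ones people actually choose.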
3: Facial Recognition
Although it’s still a form of biometric authentication (see above), I have decided to give facial recognition its own category, since it records bodily features at the macro level, and deals with this data slightly differently than fingerprint and retina scanning. Facial recognition deals with data about your body – more specifically, your facial features. The simplest facial recognition software will use the distance between your eyes as a reference point. Other more sophisticated software will even store data about your bone structure, your lips, and practically every other factor that makes your face yours.
Unlike other forms of biometric authentication, facial recognition will only help you if you don’t have an identical twin, or you don’t happen to come across someone who looks very similar to you. In very homogeneous cultures, many of the people living within an area may look very similar and have facial features that can trick software into thinking that they are actually you. This doesn’t happen so much anymore, but the twin problem I mentioned two sentences ago is still an issue if you’re using some cheap software. It takes some highly sophisticated algorithms and image detail to actually tell apart identical twins.
I certainly don’t see this method being used widely in highly-secure environments (such as the NSA or CIA), but I can see it becoming a natural part of our lives in the technology we use every day.
4: Single Sign-On
Single Sign-On (SSO) is a form of authentication that involves signing in once to a server that stores your passwords and then logging in to all your web services one click at a time without having to type another password all day. This doesn’t make passwords completely obsolete, but it does eliminate them (for the most part) from your life. What if you could log in to one portal where you’ll be able to automatically log yourself in to anything without having to use a password? Less hassle, more fun and cat pictures!
The best SSO software will perform encryption and decryption of your password data on your machine, and will safeguard you even against the provider’s employees (the possibility of sabotage should never be discounted). So far, the only SSO that meets these criteria is PerfectCloud’s SmartSignin platform.
Some Added Thoughts
The next time you unlock your phone or log in to your computer using a fancy method, think of how far we’ve come in such a short time. Passwords might become a thing of the past soon, and we’ll be laughing about the days when we had to actually memorize a whole bunch of phrases just to check our mail and see family pictures. If you have something constructive to add to this, leave a comment below!