Passwords Passé?

By on Oct 3, 2013 in Technology

The password and its powers to secure our data is a topic that’s constantly on the minds of tecontentchnology companies, and equally discussed by users.

The central problem with the current form of data protection is what it needs to be most effective: passwords should be long, complicated, and changed regularly, thus increasing the possibility that they are forgotten by the account holder. Considering that that typical person nowadays requires 11 unique passwords, the system is unsustainable.

The security landscape is subject to change even more since employees started bringing their own smartphones and other devices to work. Proliferation of individual devices is seen by many as a serious security threat, but there are also those who see this as a chance to improve security by using biometric authentication. Some researchers are inclined to think that mobile computing will be the driver and enabler of it.

Biometric authentication is not new technology; it actually started in 2004 when IBM introduced the first fingerprint reader in its ThinkPad T42. Clain Anderson said then that the customer response to the fingerprint reader made biometric security a must-have feature; they invested in development of built-in iris scanners on portable computers.

The trend continued, and now many of the laptops come with built-in fingerprint readers. Living in an era dominated by smartphones, the same tactic is slowly being adopted. The latest iPhone model, the 5S, has as one of its main attractions (and distractions at the same time), the Touch ID function, the sensor that scans the holder’s fingerprint, but only unlocks the device if the finger is that of the owner’s.

Responding to privacy concerns over who will have access to this data, Apple stated that the fingerprint record won’t be saved on their servers, but on the hardware itself.

The reviewers of the Touch ID are satisfied with its functionality; the company Apple bought last year, Authen Tec Inc., seems to have fulfilled its task successfully. As for the fear that thieves could remove a person’s finger in order to gain access to a stolen device, rest assured it will not be the case. The iPhone’s Touch ID fingerprint sensor uses radio frequency technology to detect the sub-epidermal layers of the skin, a dynamics that requires the owner of the finger to be alive.

“No one in biometrics wants to talk about cut fingers and dead bodies, but at the end of the day we are still asked to remove the fears of consumer and make sure that they understand that [a severed finger] will not work,” says Sebastien Taveau, CFO at Validity Sensors, a company specialized in fingerprint sensor solutions.

“What Apple has done with Touch ID is to improve the usability of identity verification on mobile devices — to make it more convenient,” market intelligence expert Alan Goode, MD, a long-time biometrics champion. “I believe that the main driver for adoption of biometrics into consumer electronic devices is the mass adoption of smart mobile devices and the challenges this poses for strong authentication and identity verification — in other words how do we securely prove identity on a mobile device without affecting the user experience. Passcodes and One-Time-Passwords are not the most convenient way to prove identity on a mobile device, especially when we are on the move.”

Microsoft Corp. announced that Windows 8.1 OS is “optimized for fingerprint-based biometrics”, and this protection way will be broadly used in their system. At the same time, an organization took shape through the combined forces of Google, Lenovo Group, Pay Pal and others – FIDO (Fast Identity Online) Alliance, that has as goal the development of industry standards for biometric and other forms of strong authentication.

Voice-recognition is already in use, a simple phrase tells the device that it’s OK to unlock. Picture-recognition is also in use: choose a photo of a family member, for instance, and to log in you have to click on four parts of their face. A photo is easier to remember than a text password, and more difficult to replicate by others.

Researchers are looking into the use of brain waves as authentication; the subjects in the research wore headsets that measured their brain-wave signals while imagining performing certain tasks, and so the specialists managed to distinguish between them with an accuracy of 99 percent. The password could become a pass-thought.

The reality is that the password is the only ‘one size fits all’ authentication but current times show it as insufficient. Probably the best way to keep secure in the online environment is to use a combination; which combination remains to be seen.

How comfortable are you with the idea of using your iris, fingerprint or other personal trait as authentication?