Skip to Main Content

Is there life beyond the password?

Legions of developers and security researchers are toiling away to create a password-less future one where people do not have to rack their brains to create and remember a secure password.

This is great news for people tired of remembering either that password or the location of that sticky note with all of their secure passwords. The bad news is that many of these technologies are not quite ready for the mass market. In addition, many of the ways that the technologies are implemented could become yet another security and privacy nightmare for people.

Three stages to the developing marriage between device and the individual

The modern password is a marriage of convenience between human and device. For the sake of basic device security, humans have to remember a bit of data about themselves which will then help the device know that the person on the other side of the keyboard is the one-and-only that they can share confidential stuff with. The real work is on the side of the human to remember.

Embedded authentication is another step in this relationship by incorporating the person into the device as a mobile data carrier. Just think, having a chip inserted into your body is a high-tech variant of writing a phone number down on your hand: It is there, can’t be lost, and it might be impossible to keep other people from reading it. Oh, and it might be hard to wash off, depending on the type of pen used to write the number on your hand.

Biometric authentication flips the workload over to the device without getting as physically invasive as the embedded chip. All a person has to do is show up and present a bit of themselves – finger, face, voice – and the device will do the rest, identifying the individual with no stress or worries on the person’s part.

Embedded privacy issues

Getting a chip based on Near Field Communication (just like your contactless debit card) embedded into your hand has lots of advantages, say advocates. As done in some Scandinavian countries, the embedded chip allows people to wave their way into the office building or pay for their drinks without having to remember a wallet. From the device-user perspective, it is probably also used to help them login to their computer or hold their cryptocurrency wallet.

But it also comes with a privacy cost. The chip is sending out a 13.56 MHz frequency signal everywhere it goes. If all goes as the trade association plans, this has a range of only four centimeters. However, some security researchers claim to have boosted the range over ten-fold to 45-80 cm. Then there is the question of who is collecting, manipulating, and possibly reselling all of this private data. Just in the context of an individual office, this data can tell a lot about the length of coffee breaks, potential romances, and workflow.

How organic is that bio-authentication?

Bio-authentication finds aspects of you which are truly unique – and then uses them to single you out from the other people out there. The top two most trusted forms were fingerprints and retinal eye scans according to IBM research. Other forms under development include facial recognition, handprint, and voice recognition. Interestingly enough, audible ID such as heartbeat or voice recognition were the least trusted.

Voice recognition is more advanced than many realize. Companies in this sector map voices according to a small fixed-length record called a voice-print – and they are now bringing in AI deep neural technology to speed up and make these detections more accurate. Voice recognition is already being used by call centers and banks to confirm an individual’s identity. Developers now would like to embed their work in new technologies such as smart wearables and cars – devices that work without an always-on internet connection.

Multilayers of authenticity

There are finally some interesting authentication options beyond the traditional alphanumeric passwords. The great news for consumers is that these are options – there is still a choice. And since two-factor authentication is important, one of those factors might well be one of these new biometric technologies.

As a PR Consultant and journalist, Frink has covered IT security issues for a number of security software firms, as well as provided reviews and insight on the beer and automotive industries (but usually not at the same time). Otherwise, he’s known for making a great bowl of popcorn and extraordinary messes in a kitchen.