8 technologies that’ll make sure we never have to remember a password ever again
In the beginning was the password, and we
lived with it as best we could. Now, the rise of cybercrime and the
proliferation of systems and services requiring authentication have us coming
up with yet another not-so-easy-to-remember phrase on a near daily basis. And
is any of it making those systems and services truly secure?
Need some IT assistance, equipment or friendly advice? Give us a call at The Computer Guyz or pop into our offices in Cape Town or Centurion.
One day, passwords will be a thing of the
past, and a slew of technologies are being posited as possibilities for a
post-password world. Some are upon us, some are on the threshold of usefulness,
and some are likely little more than a wild idea, but within each of them is
some hint of how we’ve barely scratched the surface of what’s possible with
security and identity technology.
The
Smartphone
Use your smartphone to log into
websites and supply credentials via NFC or SMS.
The
good: It should be as easy as it sounds. No
interaction from the user is needed, except any PIN they might use to secure
the phone itself.
The
bad: Getting websites to play along is the
hard part, since password-based logins have to be scrapped entirely for the system
to be as secure as it can be. Existing credentialing systems (e.g., Facebook or
Google login) could be used as a bridge: Log in with one of those services on
your phone, then use the service itself to log into the site.
The
Smartphone, continued
Use your smartphone, in conjunction with
third-party software, to log into websites or even your PC.
The
good: Insanely simple in practice, and it can
be combined with other smartphone-centric methods (a PIN, for instance) for
added security.
The
bad: Having enterprises adopt such schemes may
be tough if they’re offered only as third-party products. Apple could offer
such a service on iPhones if it cared enough about enterprise use; Microsoft
might if its smartphone offerings had any traction.
Biometrics
Use a fingerprint or an iris scan – or even
a scan of the vein patterns in your hand – to authenticate.
The
good: Fingerprint recognition technology is
widely available, cheap, well-understood, and easy for nontechnical users.
The
bad: Despite all its advantages, fingerprint
reading hasn’t done much to displace the use of passwords in places apart
from where it’s mandated. Iris scanners aren’t foolproof, either. And privacy
worries abound, something not likely to be abated once fingerprint readers
become ubiquitous on phones.
The
Biometric Smartphone
Use your smartphone, in conjunction with
built-in biometric sensors, to perform authentication.
The
good: Multiple boons in one: smartphones and
fingerprint readers are both ubiquitous and easy to leverage, and they require
no end user training to be useful, save for registering one’s fingerprint.
The
bad: It’s not as hard as it might seem to hack
a fingerprint scanner (although it isn’t trivial). Worst of all, once a
fingerprint is stolen, it’s, um, pretty hard to change it.
The
Digital Tattoo
A flexible electronic device worn directly
on the skin, like a fake tattoo and used to perform authentication.
The
good: In theory, it sounds great. Nothing
to type, nothing to touch, (almost) nothing to carry around. The person is the
password.
The
bad: So far it’s a relatively costly
technology, and it’s a toss-up as to whether people will trade typing passwords
for slapping a wafer of plastic somewhere on their bodies.
The
Password Pill
This authentication technology involves
ingesting something into your body – an electronic “pill” – that
can send a signal of a few bits through the skin.
The
good: A digital pill makes the authentication
process completely passive, save for any additional manual authentication
(e.g., a PIN) that might be used.
The
bad: Who is comfortable (yet) with gulping
down a piece of digital technology? Like the digital tattoo, this doesn’t sound
like something one would want to use regularly, but rather more as a day pass
or temporary form of ID.
Voice
Printing
Use voice recognition to authenticate, by
speaking aloud a passphrase or a text generated by the system with which you’re
trying to authenticate.
The
good: The phrase used to identify you isn’t
the important part; it’s the voice itself. Plus, it can be easily changed;
speaking is often faster than typing or performing some other recognition; and
it’s a solution that even works in a hands-free environment. Plus, microphones
are now standard-issue hardware.
The
bad: As with any technology that exists in a
proprietary, third-party implementation, the hard part is getting people to
pick up on it.
Brainwave
Authentication
Think your password and you’re logged in.
That’s right: an authentication system that uses nothing but brainwaves.
The
good: Consumer-grade EEG hardware is cheap,
and the tests conducted by the School of Information showed it was possible to
detect a thought-out password with a high degree of accuracy.
The
bad: Donning a headset to log in seems complicated
– that is, assuming you’re not spooked by the idea of a computer reading your
thoughts.
Comments
Post a Comment