Passwords are on their way out
Our tech lives are full of pain points, but at least the world’s tech geniuses seem committed to solving them. Today, who complains about things that bugged us a decade ago, such as heavy laptops, slow cellular Internet, the inability to send e-mails in planes?
It was only a matter of time before those geniuses started tackling one of the longest-running pain points in history: passwords. We’re supposed to create a long, complex, unguessable password — capital and lowercase letters, numbers and symbols, with a few Arabic letters thrown in if possible. For each site. Don’t reuse a password. Oh, and change them all every month.
Sorry, security experts. Not possible. Not for an average person, not even for you. Nobody has that kind of memory.
To make matters worse, passwords aren’t even especially secure. See any recent headline about stolen passwords or about some company’s servers being hacked.
Time to kill the password
Surely, in the 50 years since we started typing passwords, somebody must have invented a better security system. The answer: Yes and no. Apps such as 1Password and Dashlane memorise and enter long, complicated passwords for you. But most of them cost money, they don’t work on every Web account and the nontechie public don’t know they exist.
There’s also two-factor authentication, which makes you type a password and a code texted to your phone to log in. It’s an unbelievable hassle. The masses will never go for it.
Finally, biometric approaches can be both secure and easy because they recognise us, not memorised strings of text. Here there’s hope. Fingerprint readers on smartphones, tablets and laptops are becoming common, cheap, convenient and essentially impossible to hack on a large scale. So far, they’re primarily useful for logging us into our machines. Shouldn’t the next step be letting us log into our Web accounts? Iris scanning is another biometric technology, fast enough to work well at automated border-crossing systems and secure enough for national ID programs such as India’s (it’s enrolling 1.2 billion people).
At the moment, iris scanners are far too new and expensive to build into every phone and laptop — but almost every technology gets cheaper over time. Some scanners can be fooled by a photograph of your eye, but this problem, too, can be overcome (by tracking your pupil as you read something, for example). Bottom line: there’s no insurmountable problem in iris reading’s future.
Same with voice authentication, using the unique pitch, accent and frequencies of your speaking voice as your key. It’s cheap enough for wide adoption — our phones and gadgets already have microphones. Worried about bad guys faking out the system with a recording of your voice? That can’t happen if the phrase you’re asked to speak changes every time you log in.
The only roadblocks here are background noise and laryngitis. And as with any biometric security solution, this approach only requires a backup system, like a password, just in case.
Then there’s Windows Hello, a new feature of Windows 10 that lets you log in with fingerprint, iris or facial recognition, whatever your laptop is equipped to handle. The face option is especially exciting. You just sit down at the computer, and it unlocks instantly. You can’t fool it with a photograph or even a 3D model of your head, because the Intel RealSense camera it requires includes infrared and 3D sensors.
Of course, very few gadgets come with that camera preinstalled. But the RealSense concept is truly the Holy Grail: secure and convenient. If the hardware ever became as ubiquitous and cheap as, say, our phones’ fingerprint readers, we could have a winner.
Clearly, the password concept is broken. Equally clearly, these new technologies can provide both the security and the convenience the world demands. Nothing’s quite there yet, and we need to keep our eye on privacy concerns (who owns the databases of biometric scans, for example?). But one thing is for sure: this is one pain point that’s got everyone’s attention.
Source: www.scientific-american.com