Think of baseline security, and the first word that’s likely to pop into your mind is the humble password. The gateway to your computer and countless online accounts, the memorable string of letters and numbers has been a faithful companion in online security for years.
Recently, however, we’ve seen a number of alternative solutions to the traditional password. Is our most familiar security measure on borrowed time? And what are the alternatives?
What’s up with the password?
The concept of the password itself is not terribly safe. A series of complicated characters that only the user has any recollection of: a simple and safe method of authentication. In theory, it sounds great. There is one cataclysmic hole undermining the safety of the traditional password: us. Humans, with our failing memory capacity and impatient minds, create problems for ourselves by dismissing the importance of password security and making simple, generic login details.
According to data gathered by SplashData, too many users are still falling into the trap of using simple numeric patterns, names and sports to protect their sensitive data. In their annual “Worst Passwords” list of 2014, which compiles the most commonly used passwords out there, five of the top ten entries contained a series of ascending numbers, with top spot going to “123456”. Elsewhere, everyone’s favourite go-to password, “password”, entered at number two, and less than imaginative creations such as “qwerty” and “football” also appeared in the top ten.
The list, which was taken from users in North America and Western Europe, highlights the constant and very real risk we expose ourselves to by using generic, guessable passwords.
It also underlines the genuine discontent users have over the necessity of the password. We’re often told to create a complex stream of letters, cases and numbers in our passwords. So complex, in fact, that we are unable to remember them. Similarly, we’re told not to use the same password for every account we hold online, and even noting them down and shoving them under the bed is not an acceptable method of password memorisation.
It’s recurring issues like these that drive stats like those from SplashData, but what is the alternative?
Biometrics: the future
A number of innovations have been unveiled recently in an attempt to fortify online security. And it’s all thanks to biometrics. We’re already seeing it in consumer tech, as Apple pioneered the fingerprint scanner in their flagship smartphones a couple of years ago. Replacing the PIN or swipe code we’ve come to associate with unlocking smartphones, fingerprint scanning has made the biggest dent into real-world tech thus far, but other biometric methods are not far behind.
One of these is facial recognition. Visa have taken on the mantle, as they recently announced the “Selfie Password”. Using nothing but your face, you’ll soon be able to authorise an online payment (see our article “The Selfie Password” for more info). It’s these novel innovations, pioneered by big companies such as Apple and Visa, which will elevate alternative methods of authentication into the mainstream. Given the heightened level of security they will bring, further progression into the world of biometrics is somewhat inevitable.
Whilst fingerprint and facial recognition are already in use, voice recognition may not be far behind. Indeed, features like Siri and Cortana have proven the tech is already in place, and it only takes a corporate heavyweight (à la Apple and Visa) to take on the concept and apply it to security.
Calling time on the password?
The title of this article suggests the end is nigh for the traditional method of inputting a password; actually, that may not be entirely true. Passwords are endlessly called out for their inherent insecurity. Their impracticality infuriates us all, but they are likely to stick around for some time yet. We’re going to be seeing a lot more biometrics at ATMs, in banks and when making purchases online. Crucially, however, they will appear alongside a password, not instead of it.
The practicalities of phasing out the password are far from simple. For starters, the computer, whose opinion has so far been ignored in all this, will no doubt place its vote in the pro-password camp. One advantage of passwords is their 100% accuracy. You either get the string of characters correct or incorrect, and a computer likes the clear distinction. With biometric technology, that level of accuracy can’t be achieved. Facial, voice and fingerprint technology have an element of inaccuracy, and will no doubt cause occasional frustration to users who are wrongly denied access to their account.
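As an added illustration (not part of the original article), the Python sketch below contrasts the exact match of a password check with the threshold decision of a biometric matcher, then requires both, as the article expects biometrics to appear alongside a password. The similarity scores, thresholds and function names are constructed assumptions, not measurements from any real system.

```python
import hashlib
import hmac
import os

# Constructed sample data: similarity scores (0..1) that a hypothetical
# matcher returned for the genuine user and for other people.
GENUINE_SCORES = [0.91, 0.88, 0.95, 0.67, 0.83, 0.79, 0.93, 0.72, 0.90, 0.86]
IMPOSTOR_SCORES = [0.12, 0.35, 0.41, 0.28, 0.74, 0.19, 0.52, 0.33, 0.61, 0.25]


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a salted hash with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def verify_password(candidate: str, salt: bytes, stored: bytes) -> bool:
    """Exact match: the derived bytes are identical or they are not."""
    return hmac.compare_digest(hash_password(candidate, salt), stored)


def error_rates(threshold: float) -> tuple:
    """Return (false_reject_rate, false_accept_rate) at a score threshold."""
    frr = sum(s < threshold for s in GENUINE_SCORES) / len(GENUINE_SCORES)
    far = sum(s >= threshold for s in IMPOSTOR_SCORES) / len(IMPOSTOR_SCORES)
    return frr, far


def two_factor(candidate: str, salt: bytes, stored: bytes,
               score: float, threshold: float) -> bool:
    """Biometric alongside the password: both checks must pass."""
    return verify_password(candidate, salt, stored) and score >= threshold


if __name__ == "__main__":
    salt = os.urandom(16)
    stored = hash_password("correct horse battery staple", salt)
    print("password ok:", verify_password("correct horse battery staple", salt, stored))
    # Raising the threshold keeps impostors out but locks out the real user more often.
    for t in (0.60, 0.75, 0.85):
        frr, far = error_rates(t)
        print(f"threshold {t:.2f}: wrongly denied {frr:.0%}, wrongly accepted {far:.0%}")
```

No threshold on these constructed scores gives zero errors of both kinds, which is the inaccuracy the paragraph above describes; the password check has no such trade-off.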
Joining the computer on team password are many IT workers, whose administrative work would go up if such technologies were introduced into the workplace. The password is a method we are all in tune with, simple to master and simple to maintain. Complicated biometric technologies will bring similarly complicated administrative problems for IT support workers.
One final hurdle hampering the progress of biometric security is cost. Aside from all the excess administrative expenditure necessary for implementing biometric security, creating such technologies is currently not cheap. As with any emerging technology, these costs tend to come down as the tech develops. For now though, rolling out biometrics is a cost many businesses will find too high to justify.
Aside from all the practical issues above, replacing one security measure with another is just downright counterproductive. Instead, the use of them both as a means for two- or even three-step verification is likely to be the future. By adding extra layers of security, our reliance on the password can be reduced, and security both physically and online can increase.