Is the end of passwords nigh?
Contador Harrison always says passwords are a pain in the ass! For the last 20 years I’ve been actively using the web, and even now I’ve just had to rummage around for the password required in order to post this article.

Just like many people out there, I seem to have 10 or more different websites or online accounts to manage. Whenever I book a plane ticket, this often means setting up yet another persona and coming up with a password to authenticate it.

It’s got so bad for a friend of mine that she’s resorted to a password manager program to suggest secure, truly random passwords and then keep track of them for her. Of course, if she forgets the password to that program, or worse still if someone else guesses that password, she’ll be in all sorts of trouble.

This is a recognised problem, so it’s no surprise firms are looking at ways to make this easier. A few years back, American companies announced plans to bring an end to such problems, with Yahoo! planning to move its users to a password-on-demand system, where a new, one-time password is generated and texted to the user’s mobile phone, and users can text the password to Yahoo!’s servers whenever its services require authentication. This, according to the company, would make it easier for the user, whose phone is now a key as well as everything else.

However, a Finnish mobile security expert was less than impressed, and he told me that many phones show the text of incoming messages automatically, popping up even when the phone is locked. In his view, all that would be required is five minutes alone with your phone and your Yahoo account could be hijacked. His argument made sense because there is none of us who hasn’t left our phone unattended for even just a short while, whether bathing, having a fling or even jogging.
All this hassle with usernames and passwords has led plenty of experts to think biometrics, in which uniquely identifying elements of our physical body are used as authentication keys, are the answer to this problem we face for being online. The most common, fingerprints, have been used as a means to authenticate users for some time. Fingerprint-based controlled access can be made to work reasonably well, although it is not immune to successful attack. For over half a century now, cases of forged fingerprints have been growing, and when experts suggest the biometrics option, I am forgiven for wondering if fingerprints really can provide security on the basis of our thumbs. To this date, heartbeat biometrics have been touted as harder to fake or fool than other biometrics, although when I think what happens to my heartbeat when I check my end-of-month bills, I’d imagine it will need considerable testing.

All these are steps toward security with convenience. American companies’ moves in this direction as part of the FIDO Alliance, which aims to improve the way we approach security for devices and online services in the future, will help in improving security and reducing the burden on users, which has a tendency to lead towards corner cutting, weak or reused passwords, and security compromises.

The good news for us password jugglers is that there is now a greater imperative behind building higher levels of security into systems from the outset, rather than trying to add it on afterwards, and that new and better ways of doing this are being explored through rigorous testing, which a Norwegian friend told me will revolutionise how we use the web. The wider introduction of these sorts of solutions and their successors will offer a whole new way of authentication, to the point that in the not too distant future our wink really will be our passport.