Speculation is mounting that Apple are about to do away with the need for passwords to operate devices.
It is suggested that a new iPhone will be operated by pressing a finger against the handset. Google Android are experimenting with voice recognition, iris scanners and behavioural biometrics to achieve the same thing. The way people swipe, tap keys or move their eyes, and even their heartbeats, are unique to individuals.
The same technology could not only unlock a phone or tablet, but open bank accounts, emails or anywhere that a password is demanded.
Enough is Enough?
The FIDO Alliance (Fast Identity Online) is a consortium of web firms dedicated to killing off the password. Techies all over are working hard to consign it to history.
Poul-Henning Kamp, the man who invented the widely used password hashing tool MD5crypt, spoke to Rebecca Greenfield of The Atlantic Wire in June 2012 after major password hacks at financial institutions.
He said that his creation is no longer safe. ‘I implore everybody to migrate to a stronger password scrambler without undue delay.’ He thought that all sites with more than 50,000 passwords to protect should come up with their own unique encryption algorithms. It’s safe to say that hasn’t happened everywhere.
The Bane of Our Lives
The password has become so complicated that many people are effectively excluded from technology. Passwords are also a rather outdated security risk in themselves: people write most of them down somewhere, or they are blindingly obvious to anybody who knows the user, such as through social media. Computer programs to unlock passwords are commonplace.
It’s thought that the average person used thirteen different passwords on 50 sites in 2007; so there must be twice that number now, given the way things grow exponentially on the net. With encouragement, if not a requirement, to make passwords complex, employing a range of symbols and lower and upper case, carrying no personal data and being quite long, they will inevitably be hard to remember.
People are also advised not to use the same password twice, and some sites require regular updating. Plus, most sites also demand usernames/ID as well, and they may not be simply your name. Questions from your memorable data are usually easier to recall, but only if the spellings, gaps and punctuation are identical every time.
Of course, no system is foolproof. The problems of scanners being fooled by photos, of too much background noise confusing voice recognition and even of criminals severing fingers from victims to get prints are legion and presumably are being tackled.
The Era Has to End
Last November, Tyler Falk wrote about the necessity for the password to be terminated. He said those whose 7-20 character passwords, with plenty of numbers, symbols and uppercase letters, rate as ‘very strong’ smugly mock those who still use ‘password123’ as their key to the net. Both are equally at risk, he argued.
He quoted Mat Honan, senior writer at Wired magazine, who had long, robust alphanumeric passwords and still saw his accounts all hacked, with the loss of years of documents and photos, because they were daisy-chained together. Honan and Falk are among the increasing numbers now terrified of ‘our password-centric web’.
Storing information in the cloud has actually exacerbated the problem, Falk thought. Tricking a service into resetting passwords and using publicly available data from one service allows access to another. So what did he suggest?
‘The only way forward is real identity verification: to allow our movements and metrics to be tracked in all sorts of ways and to have those movements and metrics tied to our actual identity. We are not going to retreat from the cloud—to bring our photos and email back onto our hard drives. We live there now. So we need a system that makes use of what the cloud already knows: who we are and who we talk to, where we go and what we do there, what we own and what we look like, what we say and how we sound, and maybe even what we think.’
He acknowledged that would make privacy advocates very jumpy, as it ‘sounds creepy.’ But for him and many others, the alternative is ‘chaos and theft’. We have entrusted everything to a broken system, so we have to acknowledge that fact and then fix it!
So, does it boil down to better security or better privacy?
Also worth accessing:
The Atlantic Wire, Rebecca Greenfield, How secret is my password? June 2012
Smart Planet, Tyler Falk, The end of the password era, November 2012
Image: Naomi IBUKI