Are biometric passwords the future
A common complaint is that we often have different passwords for different accounts and devices; and to make them secure we have to make these passwords so complicated that then we can’t actually remember them! So it might be music to some people’s ears to hear that the password’s days are numbered because, increasingly, technology is shifting towards using biometric systems instead. But what are these, and are they any better? Nate Lanxon, head of European Technology News at Bloomberg spoke to Chris Smith…
Nate - One of the biggest problems with passwords is that people tend to prefer convenience over security. The most popular password in the world every year is “password,” closely followed by “1,2,3,4,5,6,” because they’re easy to remember. The problem is that with a large percentage of people using such a password it becomes very easy for a hacker to get many thousands of accounts on the assumption that some of them will use these passwords therefore they can get into them very easily. The same is similarly true for just very easy to remember words like summer and people’s names. They’re very easy and they’re hacked with what’s called a dictionary attack. Very easy, very simple, and very common sadly.
Chris - A biometric method of protection - what’s that instead?
Nate - The most commonly used one at the moment that I think most people would be familiar with is a fingerprint sensor on a smartphone. These are becoming increasingly popular since about 2014. A number of manufacturers now use these and essentially what it does is it overrides the need to use a password or a pin because only you have your fingerprint, generally speaking at least. You have the ability to unlock it just by tapping your finger against a phone. You don’t need to remember anything, you just need to be the same as you were when you set it up. You can combine that with a password or with another factor of verification or login - a technology called two factor authentication, so two forms of login together. That increases your level of security enormously and most big companies and large organisations will now try and get people to enable this kind of two factor security if possible.
Chris - Does it actually work like that though Nate? I know Hollywood is Hollywood but certainly I’ve seen films where people chop people’s thumbs off and use them to gain entry to a secure facility. I’ve also heard tell that people have taken photographs of themselves of their eye and then held it up to a security camera and the picture was enough to fool it into thinking it was looking at the individual's real eye.
Nate - It’s true and I will admit I have asked a doctor before now if a finger was cut off, how long would it take before it was useless against unlocking a phone, but I never tend to get a clear answer. The fact is though you are generally right, and away from Hollywood we have seen evidence that the very high resolution of cameras now can take pictures of a person’s iris with enough definition to trick some systems into believing it is the user.
Similar is true of facial recognition where it is looking at a person’s face and unless you’re tracking what’s called depth mapping where you’re not just looking at a photograph of somebody then, again, those can be a little easier to fool. But the key is that most of these systems, at least in the consumer space, they’re often paired with a second factor of authentication for the really important stuff like payment systems and things like that. At the moment they’re there for convenience. Some of them maybe can be fooled if you’re clever enough but they’re not posing a massive risk to security right now.
Chris - What about implementation of this, because it’s not as trivial when we’ve got phones that you can just quite quickly tap in a password into to have some kind of finger scanner or an eye scanner in those devices? Doesn’t this mean we need a regime shift in how all the devices are made and that’s going to take time which will, inevitably, hold things up?
Nate - One hundred percent and that’s exactly why the password is likely to stick around because while all these sensors are becoming more affordable because more people are buying the devices in the high end and that makes the next generation a little cheaper to be implemented in. At the end of the day, not everyone has the budget to buy a smartphone with a fingerprint sensor or an iris scanner in so you need a fallback for the people that don’t have access. That’s why we’ll still have passwords probably for the next 50 years. But it is also hopefully why people may be a little more savvy and aware that “password” in itself is the worst password you can possibly choose.