“It doesn’t matter how complex or unique they are, your passwords can no longer protect you” (Matt Honan, Wired)
It is relatively easy to find a text password that current industry standards classify as safe: a score of characters that is a mix of numbers, letters and symbols may in a relatively incomprehensible pattern should suffice. We can also go one step further and opt for a random password generator.
That, however, means losing sight of the way we use the passwords: it will be safe enough not to be decipherable, but also complex enough to be easily forgotten, which could impede us from accessing everyday information of both personal and professional importance.
Not to mention that they can still be stolen or intercepted in various ways and this is the accumulation of problems which a few non-technology companies and financial institutions have generated. They have long been experimenting with new alternatives for user authentication and all are based on the use of three main factors:
- Knowledge: Elements that only the user knows. Text passwords or PINs are the main example, although not the only ones.
- Possession: Elements that only the user has, like chips with inbuilt NFC.
- Inherence: Elements that are unique to the user, such as a biometry of the face, retinas, fingerprints, or even brainwaves.
Last January, Visa Europe published a study in which it affirmed that “the Generation Z is ready to replace passwords with biometry”. In fact, three out of every four young people between the ages of 16 and 24 agree that they feel more comfortable resorting to biometry, and a similar figure considered it a “faster and easier” option to current passwords. Finally, half of those that were surveyed predicted the end of traditional passwords by the year 2020.
Changing characters for emojis
The company Intelligents Environments recently presented, just as we did previously on this blog, its unusual idea for replacing PINs – passwords of emojis or emoticons. Although it may seem a rather silly idea, there are a few factors to consider when it comes to replacing the traditional PIN – like symbols, they are much easier to remember and more user-friendly, and what’s more, the huge variety of emoticons available means that there are up to 3,498,308 million different combinations (compared to just 7,290 currently available). The negatives include the time we would lose scrolling to insert the symbols.
Facial biometry via selfies
Not long ago, Mastercard carried out an experiment with a group of 500 customers by using an application that allowed the users to identify themselves by using a selfie when shopping online. The app analyzed the photo by using facial recognition technology and the compared it with a second image of the card holder which was located on Mastercard’s database (all this, they say, transmitting the data so that the company will not be able to reconstruct the user’s face). The matching of features in both images is what gives the green light for the transaction to be completed.
Speaking to CNN, MasterCard executive Ajay Bhalla said his company wants to “identify people for what they are, not what they remember […] we have to remember too many passwords, and that creates problems for both consumers and companies”. Bhalla is convinced that the new selfie generation will have no problem in adopting this system.
A step further: brainwaves
Just a few weeks ago, a group of researchers at Binghamton University (New York) published a study that raised a new theory – that the brain waves produced when the human brain reacts before certain words could be used in future as a substitute for passwords, since each person has a particular and distinct reaction to the same terms. Subsequently, attempts to ‘train’ a computer system to recognize each user based on their brain signal resulted in a success rate of 94 %.
This authentication system, which combines factors of recognition (the buzz word here) and inherent (the distinctive pattern of brain waves), would come to solve the problems of validating the biometrics: “If the fingerprint of a user is usurped,” says researcher Sarah Laszlo, “the victim cannot create a new one because they still have the same finger. However, in the unlikely event that it were a brain footprint copied, the user could easily start it again“.
The Abacus Project, the multifactor proposal by Google
In the recent Google I/O 2015, the company from Mountain View submitted its own proposal to ensure the security of mobile devices – a software capable of combining biometrics and the detection of patterns of use (pressure, speed, speech and typing, location) to identify whether or not the person using the device is the regular user or not. The good news is that the only hardware that this system requires is already integrated in the latest generation of smartphones.