When it comes to authentication – proving to websites and digital devices that we are who we say we are – you could hardly get less efficient and secure than usernames and passwords. For starters, each device and website we interact with requires both, and security experts say it’s important to change them regularly. Oh…and don’t write them down in case anyone sees them. This leaves us all trying to engage in superhuman feats of memory, maintaining 20 or more different login names and passwords (which must have at least one letter, number, and special character like “&”) in our overworked noggins.
Even if, by some miracle, we were able to do this, usernames and passwords are at risk of theft. We know this, because we regularly hear about hacker attacks or simple IT-related accidents that expose usernames and passwords to the world, leaving us vulnerable to identify theft, credit hijacking or having our checking accounts cleared out by someone in Nigeria who has always wanted to buy scuba gear for two…plus two round-trip tickets to the Cayman Islands for good measure, leaving you to explain to your bank that no, you haven’t actually been to any sporting goods stores in Abuja lately.
Image via Shutterstock
While many people use computerized password managers and encrypted USB devices to get access to their computers – this makes it trickier for hackers to get access – the procedure is more than a bit of a hassle.
This is where the science of biometrics is increasingly coming into the picture. We’ve all watched James Bond films in which Mr. Bond puts his eyeball to a scanner and the system checks his retinal blood vessel patterns, automatically unlocking the secret underground vault full of gadgets and bodacious women for him. While most of us have yet to face a retinal scanner (though the technology is there), it’s likely that the first biometric security many of us will face will come in the form of voice print technology (a computer analyzing our voices) to fingerprint scanning.
In fact, if the speculation is true, new iPhone users will soon have access to the latter. There are rumors aplenty that Apple’s new iPhone, which will be introduced this week, will incorporate a fingerprint sensor into its popular smartphone. This may also help cut down on the incidences of “Apple picking,” or iPhone thefts that are rampant in many large cities today. (Though a particularly misanthropic person might say that thieves will simply start cutting off people’s fingers.)
There are also advances in technologies such as wrist bands that read heartbeats (which are apparently unique to individuals…who knew?) and electronic tattoos, tiny patches or "biostamps" containing flexible electronic circuits on a nanotechnology scale that attach to the skin with a rubber stamp. The electronic tattoo is paired with a smart phone or other device, and to authenticate their identity, users simply place the device near the “tattoo.”
According to a recent New York Times article, the concept of “the Internet of Things,” or interconnected machines in our everyday life being networked to the Internet to make them “smart,” will raise the stakes further for authentication. The Times describes a California-based startup company called OneID that is offering a single sign-on for a variety of Web sites and devices. In a video demonstration of the technology, OneID engineer Jim Fenton demonstrates how he uses the authentication service to open his garage door.
“The Achilles’ heel of the Internet of things is, how do you secure access to all these things?” asked Fenton. “If you connect all these things to the Internet you need to have good ways — good from a security standpoint and a convenience standpoint — good ways to control access to things. Having user names and passwords is not a good solution for every device.”
Increasingly, it seems like it’s a good solution for no device.
Edited by Alisen Downey