When your body becomes your password, the end of the login is nigh

March 23, 2015 by Rob Miles, The Conversation
Soon you will be the key. Credit: Franck Boston/www.shutterstock.com

Passwords are a pain. I've just had to rummage around for the password required in order to post this article. I seem to have 100 or more different identities on different websites to manage. Whenever I book a flight or buy a concert ticket this often means setting up yet another persona and coming up with a password to authenticate it.

It's got so bad I've resorted to a password manager program to suggest secure, truly random passwords and then keep track of them for me. Of course if I forget the to that program, or worse still if someone else guesses that password, I'll be in all sorts of trouble.

Your phone is the key

This is a recognised problem, so it's no surprise firms are looking at ways to make this easier. In the US, Yahoo has announced it plans to move to a password-on-demand system, where a new, one-time password is generated and texted to your mobile phone, and you can text the password to Yahoo's servers whenever its services require authentication.

This makes it things easier for the user, whose phone is now a key as well as everything else. But some have been less than impressed. For example, many phones show the text of incoming messages automatically, popping up even when the phone is locked. All that would be required is five minutes alone with your phone and your Yahoo account could be hijacked. And who hasn't left their phone unattended for even just a short while?

When your body becomes your password, the end of the login is nigh
Obviously this still needs to be miniaturised. Credit: aurin/www.shutterstock.com
How about your body?

All this hassle with usernames and passwords has led many to think biometrics are the answer, in which uniquely identifying elements of our physical body are used as authentication keys.

The most common, fingerprints, have been used as a means to authenticate users for some time. Fingerprint-based controlled access can be made to work reasonably well, although it is not immune to successful attack. When you find that Sherlock Holmes was cracking cases in 1903 which involved forged fingerprints, you might be forgiven for wondering if we really can provide security on the basis of our fingertips and thumbs. However, modern biometric security goes further to try to provide greater security.

Goodbye Windows password

Microsoft is building biometric password support into the forthcoming Windows 10, due to arrive later this year. The Windows Hello component, essentially a login screen, will be able to use a webcam to examine the user's face, iris, or a fingerprint scanner to unlock devices and provide Windows logon. Microsoft are also touting a mechanism built into its Passport service that will provide authentication on your behalf to other sites once you have successfully logged on to your computer and it has recognised you.

Halifax, the bank, has gone one step further for its online banking services. It is currently testing a smart wristband called Nymi which reads the wearer's heartbeat – another biometric measure that provides a rhythmic pattern that can be used as a unique identifier. Heartbeat biometrics are touted as harder to fake or fool than other , although when I consider what happens to my heartbeat when I check my bank balance I'd imagine it will need considerable testing.

Give me convenience or give me death

All this is a step toward the Holy Grail of authentication: security with convenience. Microsoft's moves in this direction are as part of the FIDO Alliance which aims to improve the way we approach security for devices and online services in the future, improving security and reducing the burden on users, which has a tendency to lead towards corner-cutting, weak or re-used passwords, and security compromises.

The good news for us password jugglers is that there is now a greater imperative behind building higher levels of into systems from the outset, rather than trying to add it on afterwards, and that new and better ways of doing this are being expored. Modern devices, the latest Dell tablet for example, have 3D cameras which can generate images that contain depth information as well as a visible picture. The wider introduction of these sorts of components and their successors will offer a way to provide a whole new way of , to the point that in the not too distant future our smile really will be our passport.

Explore further: Can't remember your password? Here are two new ways to log in

Related Stories

Fujitsu shows iris recognition system that unlocks phones

March 3, 2015

In the bid to come up with authentication solutions beyond passwords, fingerprint authentication from Qualcomm is making news, and so is Fujitsu's iris recognition, yet another potential authentication tech step forward. ...

Fingerprint tech from Qualcomm uses ultrasonic sound waves

March 3, 2015

Password-less authentication to protect user data—we have heard the call into the future from tech giants before and for good reason: Users are frustrated over having to remember numerous password combinations to enter ...

FIDO specs to pave way for post-password era

December 10, 2014

Dedicated to easier yet stronger authentication, the FIDO (Fast IDentity Online) Alliance announced Tuesday that it has published specifications, for broad industry adoption of strong authentication next year. The standards-delivering ...

Recommended for you

The powerful meteor that no one saw (except satellites)

March 19, 2019

At precisely 11:48 am on December 18, 2018, a large space rock heading straight for Earth at a speed of 19 miles per second exploded into a vast ball of fire as it entered the atmosphere, 15.9 miles above the Bering Sea.

OSIRIS-REx reveals asteroid Bennu has big surprises

March 19, 2019

A NASA spacecraft that will return a sample of a near-Earth asteroid named Bennu to Earth in 2023 made the first-ever close-up observations of particle plumes erupting from an asteroid's surface. Bennu also revealed itself ...

Nanoscale Lamb wave-driven motors in nonliquid environments

March 19, 2019

Light driven movement is challenging in nonliquid environments as micro-sized objects can experience strong dry adhesion to contact surfaces and resist movement. In a recent study, Jinsheng Lu and co-workers at the College ...

Revealing the rules behind virus scaffold construction

March 19, 2019

A team of researchers including Northwestern Engineering faculty has expanded the understanding of how virus shells self-assemble, an important step toward developing techniques that use viruses as vehicles to deliver targeted ...

1 comment

Adjust slider to filter visible comments by rank

Display comments: newest first

not rated yet Mar 23, 2015
Still suffering from a fundamental flaw: confusion between identity and authority. Passwords allow me to access accounts on various websites, or, if I wish, I can give the password to someone else and they can access the account on my behalf. Bit like a key to my front door. Biometrics and similar foolish ideas mean that only I can access the account, and my account can be linked to hundreds of other accounts, whether I want that or not.

A password manager with a really strong master password is the way to go here, with strong 2FA for critical things like banks, gmail etc.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.