The password is dead. Long live the password.

Passwords are becoming ‘the’ security problem that needs to be solved.

Will we ever see the password put to bed?

As security breaches become more commonplace, passwords are getting longer and more complicated. Take a mixture of your pet’s name, mother’s maiden name & your favourite holiday destination, shake them around a bit with some upper and lower case, numbers and symbols – and you’ve got a more secure password.

It’s a shame you can’t possibly remember it.

Multiply those passwords across multiple sites and log-ins and unless you use the same one on them all, or keep a list of them all on your computer (which is more of a security risk than anything else), you’ll be continually hitting the ‘forgotten your password?’ button.

Everyone’s trying to find an alternative, but like cockroaches – the password is hard to kill off.

So what else is there?

1. Biometrics

Fingerprint or ear scanners on your smartphone, iris scanners at work, vein scanners at the supermarket – there are a raft of biometric solutions out there promising unique authentication by using something that’s unique to you.

Like most things in authentication, it’s a case of horses for courses. Biometrics have more of a place in the workplace for proving your identity than in the consumer world. Unless you’re purchasing that DVD on your smartphone, for example, they’re useless for logging into your online store.

Also, they aren’t immune to hackers. The iPhone 5S’s fingerprint scanner was successfully fooled two days after its launch, as was that of the subsequent Samsung Galaxy S5. All the more worrying is the fact that the Galaxy S5’s scanner is being used to authenticate PayPal transactions.

2. Implants.

We chip our pets, so why not humans?

PC Advisor has just run a fascinating online poll:

If you could have a chip implanted or carry around an ID card that meant you never had to remember passwords or log-ins again, would you do it?

Out of 4098 votes, 39% said yes, 50% said no and the rest weren’t sure. Now the ‘yes’ vote was way higher than we would have expected.

It sparked off a great debate from the voters. Those against in the main were concerned about:

– privacy (Big Brother knowing your every move and location)

– the opportunities for crime (hacking out the implant and stealing your identity, then leaving you to bleed to death)

– the medical procedure of getting it under your skin in the first place (will it hurt?).

Others just didn’t fancy being bleeped every time they passed through the supermarket checkout.

But some were fully for the idea, seeing the benefits of having one means of identification that you can’t accidentally leave at home. The convenience ruled out any concerns – especially if it’s an implant you can remove.

As one tongue-in-cheek comment rightly pointed out, “kids are already chipped, they never leave home without their smart phone.”

3. A colour wheel?

Would you prefer colour, sound or a story?

One design student at the Royal College of Art in London thinks she may have an alternative. Renee Verhoeven’s graduation project ‘ID Protocol’ creates a series of password tools that do away with letters and numbers in favour of personal, mnemonic memory codes.

ID Protocol uses the 3 main pillars of mnemonic memory: movement (muscle memory), synesthesia (interpreting code as a texture or sound) and making a story from existing words.

It works something like this: the user selects an ID Protocol pass that plugs into their computer. Passes can use different sensory cues such as colour, pattern making, memory or storytelling: allowing you to use a colour wheel or a story mechanism rather than a set of numbers and letters to log in.

It’s just a concept for now, but as secondary authentication measures become more popular, maybe we’ll be identifying ourselves with a gesture or a story soon.

4. Your heartbeat?

Just one of the latest pieces of kit around that promises a new way to log in or prove your identity is the Bionym Nymi. It looks like a simple watch, but it’s actually a piece of technology that authenticates your identity by measuring the rhythm of your pulse. Your heartbeat is unique and can’t be faked, so they say. It’s only available for pre-order at the moment; watch this space.

A more realistic answer

The reality is it’s likely to be a combination of these things. Multi-layer authentication is set to be the future, where we use two or more factors to prove our identity, depending on the perceived risk. So we may use a biometric method (a fingerprint, for example) with a simple password or PIN, or scan the information on our smart cards and follow up with a mnemonic prompt.

We’re already using biometric methods on our smartphones, and their GPS or NFC capabilities add yet another layer.

One-time use passwords and PINs are also likely to feature strongly, as is pre-authenticating mobile devices. However, this only works if the device has been registered in the first place.

Passwords and PINs will probably never fully go away. But one thing’s for sure – they won’t be replaced by one definitive solution.