Passwords are dead

password

I’m sure we have all heard about the new Samsung Galaxy S5 release and its fingerprint reader by now. This feature is directly linked to your PayPal account, which, in turn, is linked to a whole heap of other payment systems. Instead of typing in your password, all you need to do is show your fingerprint as a proof of identity. If this alternative picks up, we won’t need passwords at all – but is this really a better option for access approval?

Needless to say, the fingerprint password is still in its development stage and the S6’s fingerprint scanner is far from perfect. However, many other companies are also looking for other options for security that doesn’t involve the use of a password. Google is developing a USB keyfob, which should be rolled out before the year ends. The usage is simple, you plug in a compact USB key and it will log you into all your Google accounts.

Will passwords may become a thing of the past and be rendered obsolete in the near future? Only time will tell. Lets look at the problem a bit more closely.

The problem with passwords

You have a lot to lose when your password falls into the wrong hands. This includes your identity, all your money, your cloud-storage accounts and pretty much your digital life. A hacker from anywhere in the world with internet connection is capable of stealing your password. Little evidence is left behind and the perpetrator could conceal their identity and location quite easily too.

Passwords are obtained through data breaches and social engineers who pose as customer-service reps. These hacks are personally devastating and cost businesses billions of dollars per year. People who use the same password for multiple services are especially vulnerable. Also, it doesn’t help when we daisy-chain our accounts together, with a single email address acting as a universal username that could be a point of failure vulnerable for exploitation, which leads to devastating results. Personal information is so accessible nowadays that it is not hard for hackers to trick customer service agents into resetting passwords.

The fingerprint problem

Since 2012, a group called the FIDO Alliance has been working on user authentication for technological devices such as fingerprint and iris scanners as well as voice and facial recognition. They have received a lot from help and support from big name companies like Google, Microsoft, Bank of America and MasterCard. In fact, Samsung’s fingerprint-based authentication system uses FIDO Ready’s technologies.

What about Apple? I haven’t forgotten about the Apple iPhone 5S’s Touch ID. They are developing their technology separately from FIDO and keeping their specs hidden, even from their iOS developers. For the mean time, Apple’s Touch ID can only be used to unlock the iPhone and log into iTunes and it is unclear what plans Apple has for its future. Are they going to improve it and make it do different things and better things? I guess, only time will tell but one thing is for sure, it could seriously pose as a roadblock for FIDO’s success and plans.

1 Comment

  1. Devin

    07/05/2014 at 8:10 am

    You can use the Samsung Galaxy S5 fingerprint authentication online today with LaunchKey for a password-free login experience: https://launchkey.com/blog/2014/05/06/fingerprint_authentication

Leave a Reply

%d bloggers like this: