Death knell for passwords
Better security ahead
Headlines about mass data breaches have become ominously routine, and yet password convenience still trumps security for most people.
That’s why, year after year, the world’s most popular logon remains “123456,” a password so obvious it accounted for 17 percent of the 10 million compromised passwords analyzed by Keeper Security, which sells a login management service.
The answer, of course, is to get rid of passwords altogether.
Biometric technology — especially fingerprint scanners — has been steadily replacing the need to type in a password, which can easily be guessed by hackers wielding smart algorithms.
Now, with the world increasingly embracing voice-activated devices like the Amazon Echo and Google Home, companies are starting to create technology that recognizes a person’s speech patterns. Facial recognition is beginning to catch on as well.
“Our vision is to kill passwords completely,” says Dylan Casey, vice president of product management at Yahoo, which has suffered major security breaches in the past.
“In the future, we’ll look back on this time and laugh that we were required to create a 10character code with upper- and lower-case letters, a number, and special character to sign in, much in the same way that today’s teenagers must laugh at the concept of buying an album on a compact disc.”
The question is whether companies will be able to persuade people to switch to biometric logins and whether the new technology will prove any more resistant to hackers than the oldfashioned password.
In March 2015, Yahoo began a process to cut out the need for customers to remember a password to log into its e-mail service. Users could be sent a one-use-only random password via SMS to their cell phone instead. In October of that year, the company expanded this functionality to take advantage of smartphones.
Instead of typing a password, a user’s phone can be sent a notification asking them to just confirm the login attempt was legitimate.
As many smartphones now feature biometric sensors, this method can be more secure still than an SMS, as it not only requires a phone to be present, but it must also be unlocked by the user.
Systems such as this have been made possible in large part by Apple, which popularized the fingerprint scanner by embedding it in the iPhone four years ago, and subsequently baked the technology into the MacBook lineup.
Microsoft is also getting into the act. Last month, the company started to let the estimated 800 million people who use its Outlook.com, Xbox.com, Skype.com and other cloud-based features log on with a fingerprint scan on their smartphone if they so choose.
By October or November of this year, “you’ll be able to take your phone, walk up to your Windows 10 PC and just use your thumbprint to log into your PC,” says Alex Simons, who’s in charge of products within Microsoft’s identity division.
Thirteen years ago, Bill Gates predicted the death of the password. It never happened because people cling to old habits and can’t always afford the latest technology.