The days of the humble password are almost behind us

More recently being forced to include upper-case letters, numbers and sometimes a symbol or two (@ is the most popular) within the password has led to a rise in the number of clicks on the ‘help with logging-in’ link on almost every account on the internet.

The more complex you’re forced to make your password, the more likely you are to use the same one for different accounts; diluting the security of the password itself. It’s no wonder alternative security solutions are being developed, some of which are already found in online devices.

Two-step verification is pretty well entrenched. Here, a notification is sent to your phone should an attempt be made to log into your account from an ‘unknown’ computer. It’s not a perfect solution, and comes with its own frustrations – when there’s poor mobile phone signal as you try to access your account from an ad-hoc device or unfamiliar internet, for example. This is particularity a problem when travelling.

Biometric solutions, such as facial recognition, iris recognition and fingerprint technology are all quite common – but are not perfect as the systems used in everyday devices generally consider an advanced ‘average’ match as being close enough. But rest assured that biometric systems protecting missile launching sequences are far more sophisticated.

The end of password-only protection has actually been in the works since October 2005, driven by the banking sector when the US Federal Financial Institutions Examination Council issued new guidelines for banking online authentication. It warned financial institutions that passwords alone provide insufficient protection as the sole means of authentication.

So, what type of security arrangements can we expect, finally taking us beyond the era of passwords? Toronto-based company Nymi suggests that your heartbeat, which is unique, could be used to verify your identity. Using a bracelet, the wearer’s cardiac rhythm is constantly monitored, giving access to secure systems for as long as the heartbeat is detected. If the wristband is removed, the account is locked-out.

Alternatively, Japanese firm Fujitsu has been working on a system of vein-recognition for several years. Their solution, called Biyo, identifies a person by scanning the unique pattern of veins in their hand using near-infrared light. It then matches the pattern against an encrypted database of pre-registered users.

Professor Vishal Patel at America’s Rutgers University thinks the solution lies in ‘active authentication,’ where your everyday actions help devices or accounts recognise who you are, and subsequently give you ongoing access. His technology recognises the way you walk, so your phone, for example, knows who’s handling it.

Further to this, individual apps are secured under Patel’s technology by recognising the unique way the user scrolls down and navigates the screen. The time between specific keystrokes also identifies you, as well as the words you choose and the way you punctuate text. Move a mouse and the velocity of the pointer can identify you, and so can the manner in which you click.

Given these amazing advances, why aren’t these safety features already more common today? Some of the reasons include the challenge of integrating technology into so many varied devices – and the rivalry between Apple, Android and Microsoft doesn’t help. Beyond that, such technology today could be too much of a drain on battery life and some of the methods, like tracking our patterns of life, could be unsettling for some users.

There’s no doubt the password is on the way out. But, until then, do embrace any new security features offered for your device or account.




The Expert. Tech expert Tim is the technology writer for Executive PA Media. He can be heard on talk radio in his native Australia and is a tech presenter speaking at conferences and trade shows about technology’s impact on work and lifestyle.