Latest Posts

Latest Comments


The future of passwords


Posted by |

In concluding my trilogy of password blogs, I’d like to take a look to the future. Anybody who has seen a big budget, Hollywood film in the past 10 years will be no stranger to the idea of fingerprint and eye scanners as forms of identification and access. But, is this true to the path that password evolution is taking? I’d like to take you through some of the more interesting password developments that I’ve come across.

Perhaps even more futuristic than the idea of granting access through fingerprint recognition is the ‘password tattoo’ Motorola execs have showcased this week. Their dedication to the cause is inspired by what they call ’40 year old technology,’ and the current need for users to ‘log in’ up to 39 times a day. And I agree that there is certainly a need for change: you wouldn’t trust a 40 year old car, why would you trust 40 year old security measures? However, Motorola’s stick-on electronic tattoo, using temperature and ECG technology, seems a big leap. The adhesive circuitry has a shelf-life of two weeks before needing to be replaced, and how much would this cost? I can’t help thinking that investing in improving existing authentication apps may be the more consumer-friendly route to take, especially in comparison to Motorola’s second revelation: an edible pill that, when in contact with stomach acid, broadcasts an 18-bit ECG signal throughout the body, triggering authentication when in close proximity to the device or resource.

So, we are all carrying these very personal devices in our pockets, which we trust with a lot of personal information (we use them for Facebook and Twitter, email and Cloud storage access, and storing pictures and videos), yet rarely do we properly secure them.  A tablet or tattoo may well assist us in securing these sentiment-bearing pieces of technology.

And with these additional security measures, maybe the smartphone could then be the answer to securing our online services even further. Google, PayPal, Twitter, many banks, and even Redcentric have already introduced two factor processes, with the mobile device as their preferred point of access.  If we take into account that getting into the device in the first place is an in-built security measure, and we increase the security of this measure further, then it can almost be accepted as a third authenticated method on top of a two factor authentication process. For example, small additional steps could easily allow information at the point of access to be sent back to online services, resulting in a simplified, hopefully accelerated, very strong authentication framework, which should defeat most if not all casual attempts to access our private data.



Post a comment

Comment submitted! Comments needs approval before being displayed.