About 1 billion people use the internet on a regular basis. Consider the sheer scale of this information. Now, imagine the number of passwords that are used daily by all these people. Most regular users are familiar with the limited capacities we seem to have to remember passwords. Each of us can probably remember a maximum of 5 passwords, all of which are masked when we type them out and appear as bulleted dots.
While most experts say this is for our benefit, some security researchers argue otherwise. In fact, there are gurus like Bruce Schneier who vote for usability and ask for passwords to be done away with. The alternative solution? Facial recognition software, iris readers, and augmented reality and spatial technology.
User Unfriendly
Preetam Kaushik is a freelance journalist covering business, IT and e-commerce. He is a beat and opinion writer for DailyDeal Media and a regular contributor to The Business Insider and YFS Magazine.
While it is important to prevent unauthorized use of online accounts, the increased user unfriendliness of password usage has led to a debate that questions the existing system. In fact, usability problems linked to the extensive system of relying on passwords for security has also increased security costs manifold for the online economy as a whole. While users have no choice but to write down or store passwords on their systems or in an online account they consider safe, hackers can easily get through these barriers. When accounts are hacked or passwords are forgotten, companies spend precious dollars resetting passwords. About two-thirds of all users worldwide request password reset and each password reset costs a whopping $30. Do the math, and the
on online companies is loud and clear.
One of the suggestions for future password security is the use of passphrases, as compared to complicated alphanumeric passwords that are much harder to remember. One Time Passwords (OTP) are a great solution to the problem of remembering several passwords and also to keep hackers at bay. Some organizations already use OTP technology. At IBM, for instance, all employees hold an encrypted token generating PIN’s whenever required. In fact, OTP technology is being commonly deployed by banks. Upon special requests by customers, passwords valid for limited-periods are sent out by the bank. Online security procedure can be further simplified, by eliminating usernames. The username could simply be an email address, so account holders don’t have to remember both the password and the ID. This is being applied in a large scale across online accounts, including social networking sites.
About two-thirds of all users worldwide request password reset and each password reset costs a whopping $30. Do the math, and the drain of the password system on online companies is loud and clear.
Another option is single-sign on applications. This has proven to be most cost-effective for organizations. Research shows that an organization with roughly 10,000 employees and a single sign-on system their intranet, when compared to organizations with multiple sign-on, save as much as $2.5 million a year on usability costs. Single sign-on maybe easier to apply on the intranet, however, it is hard to replicate on the internet with multiple IT companies running multiple online accounts.
The main grouse of usability experts is the growing difficulty and complications brought on by the existing password system. They advocate easier entry into any given online system. While security advocates champion the cause of making entry into a system harder – given the ever-looming threat of hackers. A good in-between system maybe a viable alternative. A system that takes into consideration easier usability and one that also takes the security debate into consideration. The use of facial recognition software, iris readers, and spatial and augmented reality technologies seem to come close to fulfilling both usability and security needs. An essential point to note here is that these technologies have long since transitioned the beta phase and are finding applications elsewhere, if not in the area of online security. This essentially means that including them in the online security debate, as viable alternatives to passwords, is not entirely unrealistic. In fact, it could prove to be productive. Therefore considering these alternatives may be well-worth the effort.
Low Threshold Face Recognition
At this point in the discussion, an interesting factor to take into consideration is that Apple filed a patent early this year, called Low Threshold Face Recognition. In this technology, using a set of images, Apple hopes to do away with factors which are restricting the wide-spread application of facial recognition technology for security. Apple’s path-breaking idea consists of a set of several images of faces. Now, the user must choose a face that he feels is a closest match. Thus, Apple has made a number of factors redundant when it comes to security with facial recognition. These include lighting, sound, resolution and biometric distortions. By picking a reference model, users to lock-in the security of their account and keep hackers at bay.
In this technology, using a set of images, Apple hopes to do away with factors which are restricting the wide-spread application of facial recognition technology for security… Apple has made a number of factors redundant when it comes to security with facial recognition. These include lighting, sound, resolution and biometric distortions.
Another important tool that Apple has done away with is the camera, although cameras are fairly ubiquitous these days. A simple idea, Apple has shown, can revolutionize the way our online and technological security is structured.
Android phones are testing similar technology ideas, where facial technology can be used to unlock phones. Other technology companies are using more complicated, yet deployable technology, like iris readers and feature scanning, using biometric data. Further enhanced technology is being experimented with, like augmented reality and spatial technologies that use location and situational awareness, and also take into consideration localized conditions to prompt, as well as prevent user access. Thus, users are moving into the next phase of security technology. A world surely most of us look forward to, a world where security is high, but password free; particularly, traditional character-based passwords.
Another aspect that the evolutionary shift of password technology could address, is identity theft. Online identity protection software is a huge industry, because of the pervasive nature of the theft. Given Moore’s Law, which predicts the doubling of computing every 2 years, it’d be interesting to note how security and access will evolve. However, no matter the slickness or effectiveness of technology, it is human convenience that will dictate the direction in which online security evolves.
