About 1 billion people use the internet on a regular basis. Consider the sheer scale of this information. Now, imagine the number of passwords that are used daily by all these people. Most regular users are familiar with our limited capacity to remember passwords. Each of us can probably remember a maximum of 5 passwords, all of which are masked when we type them out and appear as bulleted dots.
While most experts say this is for our benefit, some security researchers argue otherwise. In fact, there are gurus like Bruce Schneier who vote for usability and ask for passwords to be done away with. The alternative solution? Facial recognition software, iris readers, and augmented reality and spatial technology.
One of the suggestions for future password security is the use of passphrases in place of complicated alphanumeric passwords, which are much harder to remember. One Time Passwords (OTP) are a great solution to the problem of remembering several passwords, and they also keep hackers at bay. Some organizations already use OTP technology. At IBM, for instance, all employees hold an encrypted token that generates PINs whenever required. In fact, OTP technology is commonly deployed by banks. Upon special request by customers, the bank sends out passwords that are valid for limited periods. Online security procedures can be further simplified by eliminating usernames. The username could simply be an email address, so account holders don't have to remember both the password and the ID. This is being applied on a large scale across online accounts, including social networking sites.
The main grouse of usability experts is the growing difficulty and complication brought on by the existing password system. They advocate easier entry into any given online system, while security advocates champion the cause of making entry into a system harder, given the ever-looming threat of hackers. A good in-between system may be a viable alternative: one that takes both easier usability and the security debate into consideration. Facial recognition software, iris readers, and spatial and augmented reality technologies seem to come close to fulfilling both usability and security needs. An essential point to note here is that these technologies have long since moved past the beta phase and are finding applications elsewhere, if not in the area of online security. This essentially means that including them in the online security debate, as viable alternatives to passwords, is not entirely unrealistic. In fact, it could prove to be productive. Therefore, considering these alternatives may be well worth the effort.
Low Threshold Face Recognition
At this point in the discussion, an interesting factor to take into consideration is that Apple filed a patent early this year, called Low Threshold Face Recognition. With this technology, using a set of images, Apple hopes to do away with the factors that are restricting the widespread application of facial recognition technology for security. Apple's path-breaking idea consists of a set of several images of faces, from which the user must choose the face that he feels is the closest match. Thus, Apple has made a number of factors redundant when it comes to security with facial recognition. These include lighting, sound, resolution and biometric distortions. By picking a reference model, users lock in the security of their account and keep hackers at bay.
Android phones are testing similar ideas, where facial recognition can be used to unlock phones. Other technology companies are using more complicated, yet deployable, technology, like iris readers and feature scanning, using biometric data. Further enhanced technology is being experimented with, like augmented reality and spatial technologies that use location and situational awareness, and that also take localized conditions into consideration to prompt, as well as prevent, user access. Thus, users are moving into the next phase of security technology. It is a world most of us surely look forward to: one where security is high but free of passwords, particularly traditional character-based passwords.
Another aspect that the evolutionary shift of password technology could address is identity theft. Online identity protection software is a huge industry because of the pervasive nature of the theft. Given Moore's Law, which predicts the doubling of computing power every 2 years, it will be interesting to see how security and access evolve. However, no matter the slickness or effectiveness of technology, it is human convenience that will dictate the direction in which online security evolves.