There’s an old Popeye cartoon where the famous sailor with massive forearms stands outside a cave that’s blocked by a giant boulder, and he yells, “Open Says-Me.” Open sesame wordplay aside, if only passwords were this simple.
Password security is not a new conversation. Protecting yourself in the digital world is the responsibility of everyone. Popeye and Olive Oyl included, I suppose—though I’m not sure if they ever adapted to the tech revolution.
Passwords were first introduced to the world of computing in the 1960s, most likely by the same Massachusetts Institute of Technology team that brought us the origins of email, instant messaging, and file sharing. And like the cool-factor of Popeye and the boulder that magically shifts aside, these tools continue to be a bit jaw-dropping when you take the time to think about them.
Nikola Tesla might have predicted the invention of the smartphone back in the 1920s, but we take for granted everything that we have at our fingertips today. That’s not to say that we should take our security for granted. That is a tough lesson we’re reminded of again and again.
Why aren’t passwords secure enough?
Overuse? Lack of updating? Simplicity? Ease of guessing?
Requirements that passwords avoid familiar details about yourself, such as your name, a pet’s name, a child’s name, or your birthday, are a good start. Avoiding the most common passwords that people are still somehow using is essential.
But when it comes down to it, any string of letters, numbers, and punctuation can be hacked with a bit of effort. Hopefully, those efforts aren’t directed at you, but the truth is that they could be.
So, what should be done?
Password security education? Absolutely.
Test your passwords at HowSecureIsMyPassword.net? Smart move.
Regular updating of passwords? You bet.
No more universal passwords used for every login? Wise choice.
Redefining what password means? Perhaps this is the best answer of all.
Goodbye, passwords as we know them?
In 2018, Microsoft declared an “end to the era of the password” at their Ignite Conference.
Between phishing and spear phishing attacks, brute force attacks, malware exfiltration attacks, and social engineering, there are a lot of concerns about the passwords we commonly use today. Security awareness and vigilance unfortunately only take us so far.
Updated password technology is stepping up security, and perhaps “password” is the wrong term to use when thinking about privacy and authentication in the future. Words, specifically, shouldn’t be what comes to mind.
- Biometrics are beginning to come into their own.
  - Fingerprints are now commonly being used by banking apps, credit cards, and many smart devices.
  - Facial recognition has started to work out early kinks and is now over 95% accurate according to the latest studies, when dealing with the major companies in this area. In fact, a mobile payment app called Alipay is already in use by Alibaba shoppers in China.
  - Retina scanning, which has a dramatically low error rate, has started to move away from only physical access uses and into other authentication processes.
  - Voice recognition is taking off, especially as a key tool of smart home devices, enabling different preferences and security settings for different users.
  - Palm vein recognition, using the patterns of veins in fingers or palms, has been used in the healthcare sector for years now and is presently being considered for some retail payment systems.
- Two-factor authentication (aka 2FA and two-step verification) is adding an extra layer of security to passwords. As the name implies, it requires two different pieces of information. Generally, authentication relies on sharing or activating something you know (e.g., a password or security question), something you have (e.g., a cell phone with an authentication app or a similar small security device), or something you are (e.g., your fingerprint or your face). 2FA is simply a requirement for two of these before access is provided.
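The two-factor rule described above, as an added example that is not part of the original article: a login check that counts verified factor categories, so a password plus a security question (both "something you know") is refused while a password plus an authenticator-app code is accepted. The account data, the `stretch` helper and the drift window are assumptions made for the illustration; the code generator follows RFC 6238.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based code (HMAC-SHA1), as shown by an authenticator app."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def stretch(secret_text: str, salt: bytes) -> bytes:
    """Slow salted hash so stored 'something you know' values resist guessing."""
    return hashlib.pbkdf2_hmac("sha256", secret_text.encode(), salt, 600_000)

# Constructed sample account; every value here is made up for the example.
SALT = b"constructed-salt"
ACCOUNT = {
    "password_hash": stretch("correct horse battery staple", SALT),
    "pet_answer_hash": stretch("swee'pea", SALT),
    "totp_secret": b"12345678901234567890",  # RFC 6238 test secret
}

def verified_categories(presented: dict, now: float) -> set:
    """Return the factor categories (know / have) that verified."""
    ok = set()
    if "password" in presented and hmac.compare_digest(
            stretch(presented["password"], SALT), ACCOUNT["password_hash"]):
        ok.add("know")
    if "pet_answer" in presented and hmac.compare_digest(
            stretch(presented["pet_answer"].lower(), SALT), ACCOUNT["pet_answer_hash"]):
        ok.add("know")  # a security question is still only "something you know"
    if "code" in presented:
        # Accept the previous, current and next 30 s step to tolerate clock drift.
        for drift in (-30, 0, 30):
            if hmac.compare_digest(totp(ACCOUNT["totp_secret"], now + drift),
                                   presented["code"]):
                ok.add("have")
    return ok

def login(presented: dict, now: float) -> bool:
    """2FA: grant access only when two *different* categories verified."""
    return len(verified_categories(presented, now)) >= 2
```

A production verifier would also remember the last accepted time step per account so that a code cannot be replayed within its validity window.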
Is one of these ideas the future? Perhaps. But there are other security ideas that might overstep all of these.
We don’t know quite what digital security will look like in ten years—or even five—but along with the two-factor authentication and biometrics possibilities discussed, there are some other possibilities as well.
- Heartbeat signal authentication has been perceived as less intrusive than fingerprints, retinas, and other biometrics. The electrocardiographic signals produced by every individual’s heart are indeed unique, and their use as passcodes or as a means for authentication could be as simple as tracking these rhythms on a smartwatch or other wearable device. Intriguing, right?
- Brainwave password technology is developing passcode measures unique both to an individual’s brain structure and to that person’s memories and experiences. What’s significant here is that these authentication measures are hard to duplicate yet actually updatable if needed. Other biometric security measures are hard to replace. Your fingertips are your fingertips, after all. There’s no reset button you can apply. However, brainwave passwords record your reactions to a stimulus, such as a picture. The signals your brain produces when you look at Popeye versus when someone else looks at Popeye will be different, not only because of your physical make-up but also because of what that image brings to mind for you. These stimulated brainwaves would be your passcode. And if, somehow, the data behind these brainwaves were compromised, you could simply reset your passcode with another stimulus, which would produce another complex reaction. It’s fascinating, really.
- Zero Login is another technology in the early stages of use. It uses behavioral characteristics, including location, typing patterns, pressure of finger taps on a phone screen, proximity of other devices such as a smartwatch, ear buds, or even a car, and other unique identifiers. Think of when you’ve logged into an account from a new device or used a credit card in a far-off location. Often, in these circumstances, you are called or similarly questioned about whether this unexpected activity is indeed you. This is the core of zero login in action. Behaviors have to align properly, and if they do, you’re all set. Simple? Maybe not, but it almost seems so.
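A simplified sketch of the behavioural matching described under Zero Login, added here as an example and not taken from the article or any product: each login attempt is compared with an enrolled baseline for location, typing rhythm and nearby devices. The baseline data, the 100 km and 3-sigma thresholds and the allow/challenge/deny policy are all assumptions chosen for the illustration.

```python
import math
from statistics import mean, stdev

# Constructed enrolment data for one user (all values are made up).
BASELINE = {
    "usual_places": [(42.3601, -71.0589)],  # latitude, longitude
    "key_intervals_ms": [182, 175, 190, 168, 185, 179, 188, 172],
    "paired_devices": {"watch-01", "earbuds-07"},
}

def km_between(a, b) -> float:
    """Great-circle distance (haversine) in kilometres."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371 * math.asin(math.sqrt(h))

def mismatches(attempt: dict, baseline: dict = BASELINE) -> list:
    """Name every behavioural signal that does not align with the baseline."""
    out = []
    nearest = min(km_between(attempt["place"], p) for p in baseline["usual_places"])
    if nearest > 100:  # assumed threshold: farther than 100 km from any usual place
        out.append("location")
    mu = mean(baseline["key_intervals_ms"])
    sigma = stdev(baseline["key_intervals_ms"])
    if abs(mean(attempt["key_intervals_ms"]) - mu) > 3 * sigma:
        out.append("typing")  # typing rhythm outside three standard deviations
    if not baseline["paired_devices"] & set(attempt["nearby_devices"]):
        out.append("proximity")  # none of the user's own devices is close by
    return out

def decide(attempt: dict) -> str:
    """Assumed policy: all signals align -> silent login; one mismatch ->
    ask the user to confirm; several mismatches -> refuse."""
    n = len(mismatches(attempt))
    return "allow" if n == 0 else "challenge" if n == 1 else "deny"
```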
Passcodes are one of the biggest challenges of the digital age. They have been since their first use in the 1960s, and they surely will be for years to come.
New technology will change passwords and authentication as we know them, from personal email communications to the shopping experience. (That’s right. Why do we need check-out lines when payments can be made securely without cash or cards?) Who knows what other areas will be explored?
Authentication has been around for centuries—used by ancient Romans, Shakespeare’s characters, speakeasies, and really old Popeye cartoons alike—but the way we think about it is about to drastically change.
It’s fascinating and revolutionary. It’s hard to keep up with. But that’s why we’re here for you.