Security Corner

Sep 7 2013   3:33PM GMT

What does the future hold for passwords?

Ken Harthun

I’ve written a lot about passwords in this blog, and for many security and tech bloggers it remains an evergreen topic. For all its problems, the password still holds sway as the primary authentication method. But with attacks becoming ever more sophisticated and users predictably choosing weak, guessable passwords, one has to wonder how long we can really keep on using them.

In theory, a password is an ideal authentication token, assuming knowledge of it resides only in the mind of the owner and it is stored securely on any other system, and only in encrypted form. In practice, however, we know that this is rarely the case.

So what does the future hold? How can we replace the ubiquitous password with something more secure and less vulnerable to attack?

In life, we authenticate each other mainly by facial recognition, sometimes by voice (as over the phone). Faces and voices are all unique and probably impossible to duplicate, though a voiceprint pattern could probably be altered by physical surgery. How about facial recognition combined with a spoken passphrase? That would give you three factors: face, voiceprint, passphrase.

Palmprints, fingerprints, and iris scans could all be used to authenticate you by capitalizing on their uniqueness, and various combinations of them could be devised.

The problem with these things, however, is that the hardware and software necessary to implement them effectively present costs in terms of both money and system overhead. Facial recognition and voiceprint could be easily implemented using the webcams and built-in microphones on laptops and other smart devices.

Without a doubt, we eventually will see the password replaced by better methods. What do you think those methods will be?

2  Comments on this Post

  • FTClark
    Easily implemented? You have got to be kidding! Don't be fooled by all the nonsense you see from Hollywood. It would require at least a 3D camera and stereo microphones to even come close. The software required would be error-prone and extremely difficult to make accurate. AND! This method could still be hacked on the backend through some other loophole. (Note the latest patches in your next blog entry.) I predict this problem will never be completely "solved". There will be reasonable solutions but the biggest problem currently is that people don't use proper passwords anyway because it is just too hard to remember sophisticated multiple passwords. The next solution is likely to be a physical way to carry your automatically generated random passwords with you. A simpler form of facial recognition. Then how do you keep that device secure? (I already use a personalized crude system like this.) The problem continues...
  • TomLiotta
    These things can be easily implemented. (Not necessarily "are", but "can be".) I've implemented some at home with minimal effort. As for hacking on the backend, if backend hacking is the problem, then authentication at entry points isn't particularly relevant anyway. -- Tom
