I’ve written a lot about passwords in this blog and for many security and tech bloggers, it remains and evergreen topic. For all its problems, the password still holds sway as the primary authentication method. But with attacks becoming ever more sophisticated and predictable use of weak, guessable passwords, one has to wonder how long can we really keep on using them?
In theory, a password is an ideal authentication token, assuming knowledge of it resides only in the mind of the owner and it is securely stored on any other systems only in encrypted form. Practically, however, we know that this is rarely the case.
So what does the future hold? How can we replace the ubiquitous password with something more secure and less vulnerable to attack?
In life, we authenticate each other mainly by facial recognition, sometimes by voice (as in over the phone). Faces and voices are all unique and probably impossible to duplicate, though a voiceprint pattern could probably be altered by physical surgery. How about some combination of facial recognition combined with a spoken passphrase? That would give you three factors: face, voiceprint, passphrase.
Palmprints, fingerprints, iris scans could all be used to capitalize on the uniqueness of these things to authenticate you and various combinations of things could be devised.
The problem with these things, however, is that the hardware and software necessary to implement them effectively presents costs in terms of both money and system overhead. Facial recognition and voiceprint could be easily implemented using web cam and built in microphones on laptops and other smart devices.
Without a doubt, we eventually will see the password replaced by better methods. What do you think those methods will be?