Passwords are a pain. I’ve just had to rummage around for the password required in order to post this article. I seem to have 100 or more different identities on different websites to manage. Whenever I book a flight or buy a concert ticket this often means setting up yet another persona and coming up with a password to authenticate it.
It’s got so bad I’ve resorted to a password manager program to suggest secure, truly random passwords and then keep track of them for me. Of course if I forget the password to that program, or worse still if someone else guesses that password, I'll be in all sorts of trouble.
Your Phone Is the Key
This is a recognised problem, so it’s no surprise firms are looking at ways to make this easier. In the US, Yahoo has announced it plans to move to a password-on-demand system, where a new, one-time password is generated and texted to your mobile phone, and you can text the password to Yahoo’s servers whenever its services require authentication.
This makes it things easier for the user, whose phone is now a key as well as everything else. But some security experts have been less than impressed. For example, many phones show the text of incoming messages automatically, popping up even when the phone is locked. All that would be required is five minutes alone with your phone and your Yahoo account could be hijacked. And who hasn’t left their phone unattended for even just a short while?
How About Your Body?
All this hassle with usernames and passwords has led many to think biometrics are the answer, in which uniquely identifying elements of our physical body are used as authentication keys.
The most common, fingerprints, have been used as a means to authenticate users for some time. Fingerprint-based controlled access can be made to work reasonably well, although it is not immune to successful attack. When you find that Sherlock Holmes was cracking cases in 1903 which involved forged fingerprints, you might be forgiven for wondering if we really can provide security on the basis of our fingertips and thumbs. However, modern biometric security goes further to try to provide greater security.
Goodbye Windows Password
Microsoft is building biometric password support into the forthcoming Windows 10, due to arrive later this year. The Windows Hello component, essentially a login screen, will be able to use a webcam to examine the user’s face, iris, or a fingerprint scanner to unlock devices and provide Windows logon. Microsoft are also touting a mechanism built into its Passport service that will provide authentication on your behalf to other sites once you have successfully logged on to your computer and it has recognised you.
