Secure your data with your body, not your brain
Fortunately, non-password-driven security systems have been with us for some time, and the technology to make them ubiquitous is at hand.
Thanks largely to the wide-scale adoption of sensor-filled smartphones and other mobile devices, security is now focusing on helping users prove their identity through an aggregation of factors that complement passwords. You’ve probably encountered two-factor authentication (2FA) systems that text you a unique, time-limited code that you must enter into the system along with your other credentials. The two factors are something you know (your password) and something you own (your mobile device).
Biometrics are another technology that’s coming into its own as a password replacement. Modern phones, tablets and laptops often include fingerprint scanners, which can be used not only to unlock the device, but also to prove your identity to third party apps and services (like online banking).
Other biometric identifiers being explored (and in some cases, deployed) include facial recognition, iris scanning, voice matching, hand shape and ear shape.
Going further, other identifiers based on behavioural traits are also coming. These include gait analysis (measured by a phone’s or smartwatch’s gyroscopes), typing style (via keystroke analysis), heartbeat (from a smartwatch or fitness tracker), or even online behaviour (based on baseline activity patterns, which can then detect anomalous behaviour associated with your password).
There are even implantable microchips that hold out the promise of logging into systems, making financial transactions, accessing public transport systems and entering secure facilities as easy as the wave of a hand.
The trick, as always, lies in getting the balance between privacy and security right. Unless users are comfortable with how their actions will be tracked and their movements monitored, it’s likely that the humble password – with all its faults and flaws – will remain the most common security measure. It’s really the password problem writ large.
A good system, by itself, does nothing: only widespread user adoption will make it successful. The ball is firmly in the security system makers’ court.