Passwords can be inconvenient, but they are necessary. Fortunately, advances in new security methods may spell the end of passwords.
How many times have we returned to the office after the summer holidays and found we could not access our computer because we couldn’t remember the password? How much imaginative effort do we expend when, for security reasons, we have to change our password and cannot think of a new one? The fundamental problem of passwords in the business world is this: they are most effective when they are long, complicated and are changed frequently. In other words, when employees are less likely to remember them!
And in our personal lives, how many have different usernames and passwords do we have to access a myriad of different services and applications (banking, email, social networks, etc.), making it difficult for us to remember them all?
It is clear that passwords are a real nuisance. The good news is that it seems that in the not-too-distant future we will be able to forget about them once and for all, thanks to new technologies that aim to offer us more secure, practical and effective authentication solutions.
In this article, we review some examples of these new solutions and technologies that are emerging, as well as how the major technology players are positioning themselves in this field. This is not an exhaustive list, but it gives an idea of what the major trends in this area are.
Biometric and “strong authentication” solutions
Today, for example, many laptops already come with built-in fingerprint readers. Smartphones and other devices are also exploring biometric options, such as facial and voice recognition.
Last year, Apple bought AuthenTec Inc., a company specializing in the development of fingerprint sensors, for $365 million. One of the big innovations of its new iPhone 5s is that it includes a sensor of this kind, which is used to access the device or make secure purchases from the iTunes Store. HTC, meanwhile, has just announced its HTC One max, which also incorporates a fingerprint scanner. Microsoft says its Windows Phone OS 8.1 is “optimized for fingerprint-based biometrics.” According to the company, from now on biometric authentication systems will be used much more within its operating system.
These systems nonetheless still brook improvement, because the truth is that fingerprint readers do not work with everyone: the elderly who have hand tremors, when hands are too dry, etc..
In the same vein, Google, PayPal, Lenovo, Mastercard, LG, and others have formed a non-profit organization called Alliance FIDO (Fast Online Identity), aimed at creating standards for biometric authentication and other solutions in what has already begun to be called “strong authentication” through a type of USB stick or key called “tokens”. Other organizations working on these issues are the Natural Security Alliance and OpenID.
In the image below you can see what these new trends consist of in comparison with existing solutions.
Google is already experimenting with a type of “token”, created by the Palo Alto company Yubico Inc. Like traditional hardware tokens (systems that generate random numeric passwords), used for years in the corporate world, Yubico’s device creates temporary passwords that can be used as a secondary form of authentication. But in this case, instead of having to read the password in the token itself and then write it, employees simply enter the token into a USB or touch it with an NFC enabled device. Google will test these devices with their own employees this year and are thinking of launching them on the market next year as a means to access Gmail and other Google accounts more securely. According to the company, they are very easy to use and offer a very high level of encryption.