HUFFINGTON POST

Passwords Are Terrible -- And These Companies Want To Kill Them

03/04/2015 02:01 pm ET | Updated Mar 06, 2015
Cultura/Rafe Swan via Getty Images

Imagine sitting down in front of your computer or grabbing your smartphone and being able to seamlessly log in to every account you need. Maybe your device recognizes your fingerprint, your eyes or your heartbeat. It just knows it’s you, and not an impostor.

That’s the password-free future that many tech companies envision. It just may take them a while to get there.

Passwords have long been the gold standard in online and device security, and we’ve been using them for as long as we’ve had to log in to computers and accounts.

The trouble is, passwords are horrible. Many people don’t use them properly. While security experts recommend using a strong, unique password for every service, most users don’t do that, leaving them vulnerable to hacking. And many of us regularly forget our passwords and have to reset them frequently.

But take heart: The race to kill the dreaded password is on. Tech giants are battling to replace it with biometric technology -- using your face, eyes, fingerprint or heartbeat to identify you -- which could mean more security and convenience for consumers.

This week, Qualcomm, which makes the chips for many Android smartphones, announced Snapdragon Sense ID, a new type of sensor that uses sound waves to detect 3-D details of your fingerprint. The company says the sensor can read fingers covered in sweat or lotion and can work on glass, steel, plastic and aluminum devices, giving more flexibility to device manufacturers.

Snapdragon Sense ID, unveiled this week at Mobile World Congress, an annual gathering in Barcelona for tech and telecom leaders, is just one of several new developments in biometric security that technology companies have announced of late.

Also at Mobile World Congress, Samsung said that it had improved the fingerprint sensor on its new high-end smartphones.

At the Consumer Electronics Show in January, chipmaker Intel unveiled True Key, which uses facial recognition, fingerprint scanning and other authentication methods to unlock a password manager that gives access to apps and online accounts.

And Touch ID, Apple’s fingerprint-sensing technology for newer iPhones and iPads -- widely seen as the most successful application of biometric security to consumer devices -- is available on a growing number of third-party apps.

“There’s somewhat of a perfect storm happening in the marketplace now,” said Anthony Antolino, the chief marketing and business development officer at eyeLock, a New York-based company that has built iris authentication platform technology.

Antolino said that frequent high-profile security breaches, the availability of less expensive and smaller biometric technologies and the staggering rise in the number of mobile devices are all driving the urge to end the password age.

The success of Apple’s Touch ID in particular has inspired the rest of the industry to follow, according to Chester Wisniewski, a senior security advisor at the security company Sophos.

In September 2013, Apple released Touch ID on the iPhone 5S as an alternative to unlocking the phone with a passcode. The company said at its developer conference last June that before Touch ID was available, fewer than half of iPhone owners used a passcode. But as of that conference, 83 percent of iPhone 5s users were using Touch ID to unlock their phones.

“Apple proved a business model offering consumers biometrics,” Wisniewski said. “Apple went out there and proved people will use it if it’s easy enough to use.”

A year later, Apple opened up Touch ID to non-Apple apps, so people can now use their fingerprints to log in to some services, like Amazon and personal finance manager Mint. And people with the latest Apple devices can also use Touch ID to pay for things with their phones.

Still, it will be quite a while before the password is out of our lives completely.

One issue is the reliability of biometric security. Even though Touch ID is widely seen as successful, it doesn’t work well for everyone. It also may not work if your hands are cold or after you’ve showered or done the dishes.

When Intel debuted True Key during a keynote address at the CES, the program failed to recognize the presenter during the demonstration.

Passwords have no such issues. Despite their drawbacks, they work -- if you type in your password correctly, you’ll get in.

Another issue is trust: Consumers must believe that these companies are taking good care of data on their fingerprints, faces and eyes.

Wisniewski lauded Apple for the way it protects the privacy of users' fingerprints, but said consumers shouldn’t expect the same levels of security from every company that holds their biometric data -- especially when protecting password data has already proven to be so difficult.

“Why should we trust that the companies asking us for our biometric data are going to be any better with it than my password?” Wisniewski said.

For the time being, security experts recommend using password managers -- digital lockers that not only generate strong, unique passwords, but also store them -- that can be unlocked with one strong password. They also recommend using multi-factor authentication, which requires you to use a code generated on another device, like a smartphone, when it's available.

"Right now we're eliminating the hassle of remember multiple passwords,” said Mark Hocking, vice president and general manager of Safe Identity at Intel. “Down the road, we want to eliminate the password completely. But that's going to take a long time.”

This post has been updated to more broadly describe the company eyeLock's work.

CORRECTION: This story previously suggested incorrectly that True Key uses a single master password for all of a user's linked accounts. This post also misidentified Mark Hocking as Mark Miller.

Suggest a correction
Comments

CONVERSATIONS