Focus on… Passwords

I am sure I am not the only person to think that passwords are a pain. My own passwords, changed recently, are now meaningless to anyone but me, but some people are still choosing simple words that are easy to remember but equally easy for hackers to guess. The weird thing, though, is that even with these simple passwords we still manage to forget them.

In the last 10 years we have seen so many reports of security breaches where Google, Amazon and eBay have been caught losing users' passwords. The reported theft of 1.2 billion email passwords by Russian hackers earlier this month was just the latest in a long string of major password security breaches that have led some people to wonder if the use of passwords should be abandoned. But what are the alternatives, I hear you ask?

One low-cost option could be biometrics, making use of the microphones, cameras and webcams most computers and mobile devices are now equipped with. The simplest way to log on might be through facial recognition, or "authentication by selfie". UK airports have been using facial recognition for a long time now, and it's so easy because it would require the user to do nothing more than look at their computer or mobile screen. Logging in using voice recognition would also be straightforward. We have had voice recognition for a long time now in software like Dragon NaturallySpeaking, and it's so simple. With phones you could take these authentication methods and beef them up by adding contextual information such as GPS data from a mobile phone, or simply the time of day. If a user tries to log on at an unusual time or place, then additional authentication information can be requested.
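The contextual check described above can be sketched in a few lines. This is an added example, not code from any product mentioned in this post; the function names, the 50 km radius, the usual-hours window and the sample coordinates are all constructed assumptions.

```python
import math
from datetime import datetime

# Constructed sample profile (assumption): where and when this user normally logs on.
USUAL_PLACES = [(51.5074, -0.1278), (53.4808, -2.2426)]  # (lat, lon): London, Manchester
USUAL_HOURS = range(7, 23)   # 07:00 to 22:59 local time
MAX_KM = 50.0                # hypothetical radius that still counts as a "usual place"

def km_between(a, b):
    """Great-circle (haversine) distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def login_decision(biometric_ok, gps, when):
    """Return (decision, reasons); decision is 'deny', 'allow' or 'step_up'."""
    if not biometric_ok:
        # Context never rescues a failed face or voice match.
        return "deny", ["biometric mismatch"]
    reasons = []
    if gps is None:
        # Missing GPS is treated as unusual, so switching location off
        # cannot be used to skip the extra check.
        reasons.append("no location")
    elif min(km_between(gps, place) for place in USUAL_PLACES) > MAX_KM:
        reasons.append("unusual place")
    if when.hour not in USUAL_HOURS:
        reasons.append("unusual time")
    # Any unusual signal asks for additional authentication information.
    return ("step_up" if reasons else "allow"), reasons

if __name__ == "__main__":
    attempts = [  # constructed sample login attempts
        (True, (51.50, -0.12), datetime(2014, 8, 20, 9, 30)),
        (True, (48.8566, 2.3522), datetime(2014, 8, 20, 3, 10)),
        (True, None, datetime(2014, 8, 20, 12, 0)),
    ]
    for attempt in attempts:
        print(attempt[1], attempt[2].time(), login_decision(*attempt))
```
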

As so many people still choose simple but highly insecure passwords and PINs because they forget anything more complex, it's important we look further. Apple has recently included fingerprint recognition, which was included in O2's first XDA too. So we are moving in the right direction: Apple's fingerprint recognition allows you to register all your digits and then link them to a longer and more secure password.


The banks have used PINsentry devices with a question about the xth character of your password, using drop-down boxes to stop keystroke interception, and for web-based/internet security this is quite powerful, as you are combining a number of security implementations. The security world is evolving; are you moving with the times?




