Followers of the Bach Seat know that passwords suck. I have covered alternatives to the password as far back as 2010 and here and here. Now the Business Insider lists nine crazy alternatives to passwords. The article describes efforts around the globe to develop new gadgets and technology that can save you from the headache of memorizing (and inevitably forgetting) passwords.
The article calls out several ways to replace passwords to authenticate a user. Users can be authenticated based on a physical trait or biometrics. Biometrics is the measurement and statistical analysis of people’s physical and behavioral characteristics. Biometrics can offer one of the independent credentials required for multifactor authentication (MFA). MFA combines two or more independent credentials. What the user knows (password). What the user has (security token) and what the user is (biometric verification).
How to replace passwords
Selfies – This might be the password of choice for the Facebook (FB) generation. Companies like Amazon (AMZN) and Mastercard (MA) are already considering selfies. The technology would ask users to snap pictures of their faces on a smartphone before making a transaction. Mastercard’s technology would need a user to blink before their face is scanned. This is a safeguard to prevent hackers from simply placing a picture of someone else in front of the camera.
Edible pills – Swallowing pills might be one of the few things more annoying than memorizing passwords. But some researchers think it’s the future. After mixing with stomach acids the pill would emit a unique, low power signal that connects with your PC. Google (GOOG) VP of Advanced Technology and Projects Regina Dugan described such a system a few years ago. According to Ms. Dugan, a person could safely ingest 30 pills every day for the rest of their lives.
Your gait – Going for a stroll might not sound like the most convenient way to log on to your computer. But the way you walk has some unique traits that could serve as a means of authentication. A wearable device, like a bracelet or anklet, could record your physical activity and use that information as a password the next time you need to log on. One study reportedly analyzed the foot pressure patterns and achieved a 99.6 percent accuracy rate. rb- I covered the now-defunct Alohar Mobile attempt to turn how you stroll into a password here.
Your ear cavity – Has anyone ever told you your ear canal is one of a kind? NEC does. They are developing special earbuds, that bounce a sound into your ear’s cavity. They then use the reverberations as a signature to identify you. NEC hopes to have these available within a few years. Another study was able to achieve a 99.6% accuracy rate identifying individuals by analyzing how light reflects off the curves of the ears. rb- Back in 2014 I covered the Descartes Biometrics app that used the shape of your ear as a password.
Your backside – The shape and contours of your posterior are special. So special that some researchers in Japan have explored whether a seat mat could be used to identify you. The experimental mat is packed with special sensors that measure pressure distribution. The mat could be integrated into cars, to prevent unauthorized sitters from driving off with the vehicle.
Tattoos – Google’s Regina Dugan showed off a sticker-like wearable tattoo on her arm a few years ago that she said could be used to unlock a phone or computer. The tattoo, which was only an experimental prototype, was made of flexible circuits and sensors, and could be worn for up to a week, she explained. No word on whether you can get the password tattoo in the design of a fire-breathing dragon.
Your Jewelry – Wearable gadgets like the Fitbit and Apple Watch can already track your sleep and the steps you take. The next step is to track the pattern of your pulse or heart rate, as the Nymi band does, and use that information to identify you. rb- I covered the Nymi earlier and we have seen that the iWatch and other wearables are not secure so how can they log you?
Your voice – Nothing is easier than saying a few words, and even the best impersonator can’t perfectly mimic another person’s voice. That’s why one big bank in Britain recently set up technology to identify customers on the phone or online by the sound of their voice. And yes, the system will still work if you have a cold.
Implants – This one is only for hardcore security geeks. Believe it or not, some people have already experimented with embedding a small RFID chip under their skin. The chip emits a radio signal that can theoretically be used to do everything from unlocking the door to an office and starting a car, to logging on to email.
rb-
The biggest problem with biometrics is getting people to use them. How many do you know would be willing to swallow a pill to log in to each of their websites? It is a voluntary decision to swallow pills to log in to Facebook, Instagram, or Google. What if your employer requires you to swallow pills to enter the building, login to Windows, your email, ERP, CRM, HR. What are the implications for privacy? Healthcare? Plumbing?
I wrote about the problems of adapting an eye-based biometric system back in 2012.
The end-user will be the fundamental roadblock to any eye-based biometrics. Traditionally, anything related to eye recognition has received strong resistance, because it is just human nature to be squeamish about having our eyes scanned.
Related articles
- MasterCard’s ‘selfie pay’ is coming to Canada (thestar.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
There is a huge issue with biometrics. You can’t change your intrinsic physical or behavioral traits if they get stolen or hacked. Well, now there is more proof that biometrics can be hacked without cutting off a finger.
All in all, an attacker can have a spoofed fingerprint that would allow him to access a phone protected with fingerprint authentication in less than 15 minutes, and the cost of all the tools he needs to do this does not surpass $500.
The Comodo researchers examined all the emails Comodo filtered for customers in the second half of 2015, specifically looking at SPAM. In doing their research, they conducted an IP address analysis of the millions of pieces of 
