The Future of Passwords

It seems to be the general consensus these days that passwords as we know them are on the way out. As far back as November of last year, Wired’s Mat Honan declared that, “The age of the password is over, we just haven’t realized it yet,” in a piece entitled, “Kill the Password: Why a String of Characters Can’t Protect Us Anymore” (which also does a great job of enumerating why passwords are approaching obsoletion).

So while tech journalists all over the web are predicting the imminent death of the password as the standard means of authentication we wanted to explore some of the technologies in development that could ultimately take its place. Some of these technologies have already been introduced to the market while others are still in the developmental stages, but all appear to be promising candidates for the future of authentication:

2-Step Passwords

Okay, so this one doesn’t exactly have the “space-age” appeal of some of the other prospective authentication technologies but it is effective, and it’s already being widely implemented by major players like Google and Facebook.The idea is simple. Your account is tethered to your phone number, and upon successful login with a standard password, a one-time code (in this case, a meaningless string of characters) will be texted to your phone. You’ll then be prompted to enter this code before accessing your account.While the 2-step password is quickly gaining popularity thanks in part to the Atlantic’s James Fallows (who authored article bluntly titled “Turn On Gmail’s ‘2-Step Verification.’ Now.”), the added security that it provides comes at the cost of convenience. For this reason, 2-step passwords may not catch on unless required by companies.Also problematic is the inevitability of lost, stolen, or damaged phones. While there are ways in place to regain access to your account, most come with security liabilities of their own, and none are foolproof enough to ensure that you won’t be locked out of your accounts for at least a few hours.


Another possibility for the future of authentication is the use of biometrics — that is, physical or behavioral traits — to establish your identity. Biometric methods of authentication have been in limited use since the early 80’s but until the past decade or so were far too costly, intrusive, and slow for widespread commercial use.Now, with the ever-increasing capabilities and continually shrinking cost of computer hardware, biometrics have returned as a viable option for user authentication, and are generally considered the most secure method of authentication (Y’know, since stealing a fingerprint or an eye is considerably more difficult than stealing a password).Historically biometrics have used static information like fingerprint, facial, or retinal recognition to authenticate the identity of users. At this point, fingerprint recognition is still the dominant type of biometric authentication due to its simplicity of use the small amount of space required.As these static forms of biometric authentication become more common though, they also become less secure. For this reason, dynamic biometrics technologies like Google’s recent patent for imaging software that recognizes facial gestures are gaining popularity as a more secure alternative.While Google’s idea involves using specific facial expressions to gain access to accounts and devices, there are several other types of dynamic biometrics in use as well. Signature dynamics, rather than relying on the image of your signature, record variables like pressure and writing speed as you sign, making forgery next to impossible. Keystroke dynamics work in much the same way, but use variables like the pressure and speed of your keystrokes as you type a password.

Physical Keys

Another of the less glamorous possibilities for future authentication is that you may carry around a physical key with your unique login information. This could be something like a USB flash drive that you would insert into your computer, or some sort of token that wirelessly communicates with your computer.Similar ideas are already in use by some government agencies, where authorized employees must swipe their identification cards to log in. Additionally, massively-multiplayer online game World of Warcraft uses RSA key dongles to allow players to sign in.The most obvious prospective problem with this idea is that these keys would almost certainly be small and as we all know, small things can be very easy to lose. Users who lose their key would be responsible for reporting it stolen, much like a credit card, at which point the key would be deactivated and a replacement provided (for a fee, of course).


And now we get to the fun part.At this year’s All Things Digital D11 conference former head of DARPA and current head of advanced research at Motorola, Regina Dugan presented another novel (and arguably creepy) idea for future authentication, “…that you could simply wear on your skin, every day for a week at a time, say an electronic tattoo.” Called a “biostamp”, these “tattoos” would contain antennae and sensors that would operate in much the same way as a physical key, just much smaller and applied to your skin with a rubber stamp.Dugan even came sporting a prototype biostamp made by electronics innovator MC10. Dugan foresees biostamps being available in, “colorful, cool design options,” and thinks the tattoos will go over well with rebellious teens, “…if only to piss off their parents.”Some may be put off by the idea of an electronic identification device attached to their bodies for fear of a dystopian future, but at this point biostamps are only designed to last a week at a time, and are only capable of lasting up to a couple of weeks.Therein lies a problem less exciting to our Hollywood-conditioned sensibilities: How would they be replaced? If individuals kept “packs” of replacement biostamps, what about the possibility of theft? As exciting as this technology is, there are still unanswered questions about its realistic application.

Password Pills

The other futuristic (and mildly disturbing) possibility presented by Dugan was that of an authentication vitamin. She brought along an example produced by Proteus which is already being used in healthcare.The pill would be powered by the acid in your stomach and would give off, “an 18-bit ECG-like signal,” according to Dugan.Dugan’s presentation left a few unanswered questions about this technology as well. The password pill would inevitably be… passed, bringing us to the question of replacements. How would they be obtained and stored, and would there be a way to invalidate stolen pills?

A Future Without Passwords?

Probably not. The bottom line is that despite all the hubbub about the death of the password, passwords will continue to be an important part of the world of digital identity authentication, but will be used in conjunction with these new technologies, as well as ones that have yet to be developed.In the coming years, you’ll likely continue using traditional username and password login credentials for many of your online tasks, simply because they are the cheapest option for businesses, and the easiest (though far from the most secure) option for consumers.Don’t be surprised if in the next couple of years some services start requiring you to have your phone handy for login, though. As smartphones become more and more ubiquitous, and as tech-savvy millennials become a greater part of the digital market, you can expect digital security and authentication to remain a popular topic of discussion, as well as a growing professional field.

Could Your Workspace be Leaking out Corporate Data? Know the Real Score about Spy Monitoring

One of the most basic things you need to consider when doing business online is that the World Wide Web is an open arena with no established security. Once you have learned to appreciate that the inte ... [Read more]

Think Your MAC is Safe? Learn These Insider Tips to Identify and Remove MacDefender Trojans

Macintosh is well-known for being safe, secure, and smooth-running. However, hackers and cyber spies are becoming more and more ingenuous in tapping into private networks and computers that even what ... [Read more]

What Security Companies Won’t Tell You: Pro Reveals Exclusive Scoop on Best Internet Security Practice

Most people think that tight security measures mean spending thousands upon thousands on high-tech gizmos. Some misleading companies may even lure you into buying their services by intimidating you wi ... [Read more]

Are You Well-Equipped Against Hackers? Know the Different Weapons of Computer Protection

People store up important information in their PCs but not many take measures to make sure it is well-guarded from spy monitoring. Computers are almost indispensable to work now but few protect their ... [Read more]

How to Tell the Difference between Anti-Virus and Anti-Malware Tools

People are wiser nowadays when it comes to taking care of their computers. In fact, most computers come with software for protecting the device.Because there are different kinds of threats that can co ... [Read more]

The Only Password Strategy You Need to Know

Managing different accounts online can be quite a daunting task. For one thing, people are now prone to log on online to do what traditionally are done personally such as paying bills, shopping, sendi ... [Read more]

The Right to be forgotten: How a File Shredder Can Wipe out All Data You Want Gone

It has been said that nothing in the internet is lost forever. The price of living in the digital world is that deleting files from your computer or phone is not a permanent fix. Even if you have clea ... [Read more]

Why Strong Firewalls are Not Enough: Debunking File Transfer Misconceptions

A typical business enterprise transfers thousands of files every day. Because this is an essential productivity tool, misconceptions abound as much as the practices associated to it. Could your file t ... [Read more]

Domain Security: Why You Need to Know About SEO Poisoning

Hacking is not only exclusive to obtaining private files and compromising networks. Cyber criminals have now found a way to take hacking to a whole new level, which is, targeting the SEO value of a do ... [Read more]

Experts Release Comprehensive Business Cyber Security Plan

Business owners should not depend on luck or precautions to keep their services safe. Experts agree that every business should have a strategic plan to implement and ensure cyber security. This includ ... [Read more]

Security for E-Commerce: Every Business Person’s Guide to Customer Protection

If you are running a business online, you know that trust is an essential foundation of your trade. It is the element that can make or break your customer relations and ultimately, the stability of yo ... [Read more]

Phishing Emails: Recognize and Keep Malicious Emails at Bay

Cybercriminals or hackers target the personal information of their victims by sending out emails. Otherwise known as a phishing scam, this tactic aims to fraudulently obtain and use personal informati ... [Read more]

How to Use Apple's iCloud Keychain

The latest update to the Mac OS and iOS included a new feature called “iCloud Keychain.” In a nutshell, Keychain allows you to securely store account information like user IDs and passwords, alon ... [Read more]

Is Your Password Really Protecting You?

The definition of “pwned,” according to the online UrbanDictionary, is “to be dominated by an opponent or situation.” Telling someone they’ve been “pwned” or “owned” after an account ... [Read more]

The Future of Passwords

It seems to be the general consensus these days that passwords as we know them are on the way out. As far back as November of last year, Wired’s Mat Honan declared that, “The age of the password i ... [Read more]

25 Worst Passwords of 2012

In 2012, you’d hope the majority of people now know to stay away from common and easily hackable passwords, but with new research from SplashData we unfortunately find this is not the case. Amazingl ... [Read more]

Majority of People and Businesses are Cybercrime Victims [Infographic]

A new survey performed by the Ponemon Institute shows that both businesses and private computer users frequently deal with security issues from hackers and other malicious attackers.The research insti ... [Read more]

QuickLock App Screen Locks Your Mac

/image/quicklock.jpeg ... [Read more]

Why Cybersecurity Is Scary [Infographic]

Are you paying enough attention to online security?If you’re like most computer users, probably not. Trend Micro, a security software producer, performed some research to see how people view online ... [Read more]

Using Your Smartphone for Work? That’s Risky for Your Company

Many companies allow employees to bring smartphones, tablets and other personal devices to work with them. According to a new survey from IT risk & compliance company Coalfire, employers might be putt ... [Read more]

Dropbox Adds Two-Step Verification to All Accounts

Dropbox users can now take advantage of a secure two-step verification process to protect their accounts from unauthorized access. The process requires a cell phone and should help to prevent identity ... [Read more]

38% of People Would Rather Clean a Toilet Than Create a New Password

A new poll shows that people don’t really enjoy thinking of new passwords for their favorite websites. It’s not surprising information until you consider the tasks that respondents preferred over ... [Read more]

The 20 Most Common ATM PINs: Is Yours Leaving You Vulnerable?

You’re probably aware of the importance of selecting a strong password, but you might not realize that you need to exercise similar care when choosing your PIN number. A new analysis shows that many ... [Read more]