They say the password is dead, but that might seem ironic as you click “Forgot your password?” for the fifth time today. That said, the password is no longer as safe and reliable a security measure as it once was. There is currently a lot of R&D going into creating better user authentication tokens. These new authentications range from the fascinating to the downright scary.
Discontent with the one-step username/password model is already moving us towards two-step authentications. For example, the U.S. Social Security Administration now requires a second authentication of cell phone/email for users to gain access. You’ve no doubt seen this method elsewhere, when a site texts you an access code to login or sign up.
The challenge, however, is to decrease friction, and two-step authentication is one step in the wrong direction. We’ve already seen what there friction-free technologies might look like with fingerprint recognition systems, popularized by Apple ever since the iPhone 5S. This form of biometric tech is great for devices equipped to read it. But in order for a true paradigm shift to occur, biometrics as authentication will need to work on a variety of devices, old and new.
One of the most novel ideas in biometric authentication is the “Selfie ID” where users can simply take a selfie to prove it’s them. MasterCard has even rolled out its “selfie pay” application already in Europe.
Another interesting biometric that utilizes a device’s camera is the “Earlobe ID.” Like fingerprints, no two ears are alike. Unlike the fingerprint, the earlobe can be mapped by a camera just like a selfie.
Selfies, ears… these are external biometrics, which for some developers just don’t go deep enough. Paypal is currently tinkering with the concept of ingestible devices—powered by STOMACH ACID—which can read your unique vitals and verify your authenticity remotely to a security measure. However, this method might be too much to swallow for most consumers.
But as far-fetched or as unlikely as some of these methods might be, nothing takes the creepy cake quite like “Cognitive Mapping” technologies. These track your behavior online: how you type, how you mouse, how you hold your device… basically what you do and how you do it online. These and many other variables can be combined to authenticate your identity.
All of these emerging techniques may be superior to username/password authentication in that only you may be granted access using them. However, in the inevitable event of a data breach, card numbers and passwords remain superior because they can always be changed. Once your biometric or cognitive information is compromised, it’s out there for good.
Even with all the drawbacks of the user/password system, it may be around for a little bit longer. Despite these promising developments in user authentication, it comes down to whether users will adopt them. Even if we are ready to replace the password right now, it may be some time before users are willing to entrust us with these highly personal identifiers.