Passwords: What’s the alternative?

We all know the importance of setting strong passwords. We also know that “password” is still one of the most common passwords. And, even with strong passwords, breaches are also common. So, what’s the alternative? How do we protect ourselves from the insecurity of a mere password?

A small tech group has started Petition Against Passwords, insisting that it’s time to find a better way. Their reasons for the petition include a number of facts about passwords including:

• 70% of users have forgotten at least one password in the last month.
• 55% of security professionals don’t think passwords are secure.
• 90% of internet users think their passwords are secure, but most are wrong.
• There have been more than 1800 data breaches made public since January 2012.

They group is advocating for finding a secure convenient alternative to passwords. Unfortunately, nothing has surfaced that meets those criteria.

The password alternatives

Even Bill Gates was calling for the end of the password as far back as 2006. Gates suggest we need to move toward smartcards and authentication built into systems themselves. That wasn’t the first time Microsoft talked about eliminating passwords, but their first attempt to do so failed. Microsoft hasn’t come up with a viable replacement for passwords since.

There are more secure alternatives to passwords; unfortunately, they tend to be more expensive or difficult for users. Security experts have yet to agree on any viable alternatives.

Biometrics

One possibility is to use biometrics instead of passwords, fingerprints or facial scans. We already have the technology. However, the problem is that the technology hasn’t been built into common user devices such as most smartphones and tablets. To use biometrics with these types of devices usually means purchasing additional hardware, which is neither inexpensive nor convenient.

Still in experimentation mode

Electronic tattoos

Maybe one day your body art will be keeping you secure. Motorola recently showed off their electronic tattoo that’s ultra-thin and even wrinkles like real skin. The electronic tattoos are actually adhesive chips made up of sensors, LEDs, transistors, radio frequency capacitors, wireless antennas and conductive coils and solar cells for power. These chips are not ready for the market and are still in experimental stages.

Brainwave authentication

Thought based authentication that requires a headset and captures EEG signals is in the works. Recent research shows this is possible, but we’re a long ways from throwing out passwords because of this technology. Test results are interesting and further experimentation is being pursued, but this technology going mainstream is years in the future, optimistically.

Pills for passwords

Motorola is also working on a pill that, when swallowed, would turn your body into a password. Users would provide passwords to Motorola who would then create a custom pill with an electronic chip inside that turns your body into an authentication device. This one might be a bit tough to swallow. Critics suggest that this type of authentication could have hackers adding kidnapping to their resumes. I wouldn’t expect to see this pill on the market in 2014.

We may not be there yet, but the concept of a password is getting a lot of attention, and not just from cybercriminals. While some of these alternatives may seem bizarre today, creativity and concentration on solving the password problem will hopefully lead to stronger security for all of our online accounts in the future.