What’s in your password? Well, pretty soon, it might be your face.
Passwords Are a Necessary Evil
Passwords have always been a problem. They are necessary for account security but difficult to remember. Making matters worse, every website has different rules for creating a valid password, and of course, for your own security, you should not have a single password for all sites.
This often leads to confusion and frustration for the user. If you make a password too simple to remember, then it’s not worth using. If it’s too complex, you might need to write it down, forcing you to search through the list every time you want to go on a different website. My own six-page list is well-worn. Then again, yes, your computer can save your username and password for a specific site, but is that really secure?
While there are 6.6 quadrillion possible combinations for eight characters of upper and lowercase letters, digits, and 33 special characters, most people take the easy (to remember) path, according to The Wall Street Journal. When RockYou had 32 million passwords stolen in 2009, the number one most common password was “123456.” If a number is required, people add “1” (I’m guilty). When a character is required, they substitute a “$” for an “s” or “@” for an “a” (e.g., “P@$$word1” instead of “Password1”). Hackers are wise to this, so the best strategy is to make your passwords memorable—but still strong. Here’s a tip: the longer the better.
Remember, not all communication requires the same level of security. The security of my bank and brokerage statements are much more important than my utility bill. That’s why I like Striata’s approach of using shared secrets, whose security level (i.e., complexity) can be adjusted to the privacy requirements of the information.
Over time, the entire paradigm will change. As we spend less time on computers and more time on mobile devices, the use of fingerprints and facial recognition will provide better security than most passwords. The integration of phone security with individual applications and sites (like Walletron has done for mobile payments) will be key.
Enter Facial Recognition
According to Christopher Mims, mobile devices will soon be adept at reading faces. Even today, some laptops and mobile devices can read facial features. There is also a new generation of chips from Qualcomm that will have even better facial recognition, one that cannot be fooled by a 3D print of your face. Then there’s the rumor that the next iPhone might have depth perception and facial recognition.
To see where all of this facial recognition is going, simply watch the TV show Person of Interest as they track people morning, noon, and night. On a smaller scale, The Economist reported that Nvidia, the chip manufacturer, will leverage their own chips and use facial recognition at their new headquarters to track employees’ arrivals and departures. I guess the days of clocking in for a friend are over.
Facial recognition will be an unbreakable “password.” The trick is how to simplify the user experience by integrating it into the dozens of websites we visit regularly.