The (Eventual) Death of the Password | Tier10lab
Recently, Samsung released their new Galaxy S5 complete with a fingerprint reader. This fingerprint scanner doesn’t simply unlock your phone; it also logs you in to PayPal, which then connects you to multiple different payment systems. Through this, you’ll no longer need a password to gain access to many mobile sites while surfing the web on your smartphone.
Samsung’s fingerprint reader is only one of many new technologies tentatively entering the market. Google has also been working on a USB key fob that logs users into their Google accounts, anticipated to be out later this year. Microsoft is keeping very hush-hush, but it has hinted at an “alternative to passwords” that would fall into the same category as the work at Samsung and Google.
This release of new password technology has been long in the works, beginning with a group called FIDO Alliance in 2012. FIDO started when PayPal made its first move to combat password vulnerability in 2010 by starting a conversation between PayPal head of security Michael Barrett, fingerprint security entrepreneur Ramesh Kesanupalli, and Taher Elgamal, the founder of Secure Sockets Layer (SSL) and one of the most renowned cryptographers in the world. Soon after deciding to forge into new security technology, the group launched the FIDO Alliance with PayPal and five hardware companies.
FIDO has been working to create a connection between hardware, like these fingerprint readers, and online services. Big names in tech and finance, from Microsoft and Google to Bank of America and MasterCard, have gotten involved in supporting the hardware-service relationship. With the reveal of the Galaxy S5, Samsung is presenting the first phone to embrace the FIDO spec.
The biggest impact that this sort of technology will have will be in killing off what we’ve come to know as a stereotypical password. No longer will we require over seven characters, one uppercase, one numerical; only fingerprints and iris scans. This might be exactly what we need for our modern world, seeing as the password was invented in the 60s and is becoming well outdated.
In the 60s, stealing someone’s password could have been funny, but now, stealing a password can have major consequences. Hackers can find passwords from data breaches or simply by engineering a fake customer-service rep, gaining them access to a person’s entire Internet life. There are ways to split passwords between systems or make them more complex, but this still doesn’t solve the problem.
The FIDO Alliance’s secret weapon for combating this kind of password fraud is called Zero-Knowledge Proof, which would allow users to log into a site with a fingerprint or iris scan and would confirm the user’s identity without giving away any information about them. In this way, a single local device could provide user authentication and give the user access to the entire web. In our mobile world, a new device might not even be necessary.
With the Samsung S5, it’s the combination of the user’s fingerprint and their specific phone that provides access to locked content. This makes the phone considerably harder to infiltrate, because while one could steal a phone or fake a fingerprint, it would be incredibly difficult to steal both. Plus, with Zero-Knowledge Proof this information can be used for everything you log in to.
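The idea described above, a device proving it holds a secret without ever disclosing it, can be illustrated with Schnorr's identification protocol, a classic zero-knowledge proof. This is an added example, not code from the article or from the FIDO specification; the toy group parameters, the function names and the `fingerprint_ok` flag are assumptions made for illustration.

```python
import secrets

# Toy group constructed for this example: P = 2Q + 1 with P and Q prime, and
# G generating the subgroup of order Q. Real systems use ~256-bit groups.
P, Q, G = 2579, 1289, 4
assert pow(G, Q, P) == 1 and G != 1

def enroll():
    """Device side: create a secret x that never leaves the device."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)          # (private key, public key given to the site)

def commit():
    """Prover step 1: fresh nonce r and commitment t = G^r mod P."""
    r = secrets.randbelow(Q)
    return r, pow(G, r, P)

def respond(x, r, c):
    """Prover step 3: s = r + c*x mod Q. The random r masks x inside s."""
    return (r + c * x) % Q

def verify(y, t, c, s):
    """Site side: accept iff G^s == t * y^c (mod P)."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def login(x, y, fingerprint_ok):
    """One login round. fingerprint_ok (hypothetical) is the result of the
    local biometric match: it only unlocks x on the device and is never sent."""
    if not fingerprint_ok:
        return False
    r, t = commit()                  # device -> site: t
    c = secrets.randbelow(Q)         # site -> device: random challenge
    s = respond(x, r, c)             # device -> site: s
    return verify(y, t, c, s)

def simulate(y, c):
    """Build an accepting (t, s) for a pre-chosen c WITHOUT knowing x.
    Anyone can make such transcripts, so observing real ones teaches nothing
    about x; a cheater passes only by guessing c before the site picks it."""
    s = secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, (Q - c) % Q, P)) % P   # t = G^s * y^(-c)
    return t, s

if __name__ == "__main__":
    x, y = enroll()
    print("login with finger match:", login(x, y, True))
    print("login without match:   ", login(x, y, False))
```

The site stores only the public value `y`, so a breach of its database yields neither a password nor a biometric template.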
While FIDO has many supporters and big companies like Google are taking on an even bigger role in the development of new password technologies, one major name has yet to sign on – Apple. The iPhone 5S Touch ID is currently the most used fingerprint scanner out there and it’s being kept under wraps from both FIDO and even iOS developers. What with the secrecy surrounding Touch ID, it could pose a serious threat to FIDO’s plans for future password technology.
Despite this kind of impending threat for print scanning, FIDO still has a chance to come out on top in terms of overall authentication. With an open plan, companies like Samsung can easily swap a fingerprint scanner for an iris scanner if it will suit their users better.
However promising the new technology being pushed forward by FIDO looks, it’s still hard to tell how successful fingerprint and iris scanners will be at this stage in development. There’s no telling whether or not customers will find these scans creepy or frustrating when unable to use their friends’ devices. On the other hand, what modern technology user wouldn’t choose one simple log-in system over copious amounts of passwords?
[ Source: The Verge ]