There is no such thing as a truly secure password; there are only more secure or less secure passwords. Passwords are currently the most convenient and effective way to control access to your accounts. But passwords are a mess. We have too many; sometimes they are all the same, which makes it easier for a hacker; many passwords are “123456” and easy to crack; and there are numerous ways that a criminal can spy on us to log our keystrokes.
The internet’s weak link is the difficulty in reliably identifying individuals. When online, our identities are determined by IP addresses, cookies, and various “keys” and passwords, most of which are susceptible to tampering and fraud. We need a better strategy.
Currently, positive ID (or “authentication”) is only possible by using a biometric. A biometric can be either static (anatomical, physiological) or dynamic (behavioral). Examples of static biometrics include your iris, fingerprint, face and DNA. Dynamic biometrics include your signature gesture, voice, keyboard and perhaps gait. Biometrics are also referred to as something you are.
Verification, on the other hand, is used when the identity of a person cannot be definitely established. Various technologies are used to provide real-time assessment of the validity of an asserted identity. We don’t know who the individual is, but we try to get as close as we can to verify his or her asserted identity. Included in this class are out-of-wallet questions, PINs, passwords, tokens, cards, IP addresses, behavior-based trend data, credit cards, etc. These usually fall into the realm of something you have or something you know.
Biometrics, it seems, is taking on a whole new meaning.
Mashable reports, “A wristband dubbed Nymi confirms a user’s identity via electrocardiogram (ECG) sensors that monitor the heartbeat and can authenticate a range of devices, from iPads to cars. Developers at Bionym, the Toronto-based company that makes the device, say the peaks and valleys of an individual’s heartbeat are harder to imitate than the external features of biometric systems, like fingerprints or facial recognition.”
And then there are “cognitive biometrics”—yes, brainwaves. For example, when signing up for an account, people are provided pictures to look at, then choose one that would allow them access to their account. When they log in, they are presented with numerous pictures, and when the one they chose shows up, their brain lights up a bit, telling the website to allow access. But while the process has been proven to work, people need to wear a helmet that attaches to their scalp to pick up their brainwaves. So it’s not exactly ready for prime time.
What do you think? Would you wear a bracelet that identifies you? Or a tinfoil hat!?
Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked!