Dump Your Passwords! 8 Security and Identity Breakthroughs

From electronic pills to digital tattoos, these eight innovations aim to secure systems and identities without us having to remember a password ever again

8 cutting-edge technologies aimed at eliminating passwords
Credit: iStockphoto
8 cutting-edge technologies aimed at eliminating passwords

In the beginning was the password, and we lived with it as best we could. Now, the rise of cyber crime and the proliferation of systems and services requiring authentication have us coming up with yet another not-so-easy-to-remember phrase on a near daily basis. Is any of it making those systems and services truly secure?

One day, passwords will be a thing of the past, and a slew of technologies are being posited as possibilities for a post-password world. Some are upon us, some are on the threshold of usefulness, and some are likely little more than a wild idea, but within each of them is some hint of how we've barely scratched the surface of what's possible with security and identity technology.

The smartphone
Credit: iStockphoto
The smartphone

The idea: Use your smartphone to log into websites and supply credentials via NFC or SMS.

Examples: Google's NFC-based tap-to-unlock concept employs this. Instead of typing passwords, PCs authenticate against the users phones via NFC.

The good: It should be as easy as it sounds. No interaction from the user is needed, except any PIN they might use to secure the phone itself.

The bad: Getting websites to play along is the hard part, since password-based logins have to be scrapped entirely for the system to be as secure as it can be. Existing credentialing systems (such as Facebook or Google login) could be used as a bridge: Log in with one of those services on your phone, then use the service itself to log into the site.

The smartphone, continued
Credit: byryo
The smartphone, continued

The idea: Use your smartphone, in conjunction with third-party software, to log into websites or even your PC.

Examples: Ping Identity -- when a user wants to log in somewhere, a one-time token is sent to their smartphone; all they need to do is tap or swipe the token to authenticate.

The good: Insanely simple in practice, and it can be combined with other smartphone-centric methods (a PIN, for instance) for added security.

The bad: Having enterprises adopt such schemes may be tough if they're offered only as third-party products. Apple could offer the service on iPhones if it cared enough about enterprise use; Microsoft might if its smartphone offerings had any traction. Any other takers?

Biometrics
Credit: tracy lorna
Biometrics

The idea: Use a fingerprint or an iris scan -- or a scan of the vein patterns in your hand -- to authenticate.

Examples: They're all but legion. Fingerprint readers are ubiquitous on business-class notebooks, and while iris scanners are less common, they're enjoying broader deployment than before.

The good: Fingerprint recognition technology is widely available, cheap, well-understood, and easy for nontechnical users.

The bad: Despite all its advantages, fingerprint reading hasn't done much to displace the use of passwords in places apart from where it's mandated. Iris scanners aren't foolproof, either. In addition, privacy worries abound, and they're unlikely to recede once fingerprint readers become ubiquitous on phones.

The biometric smartphone
Credit: HTC
The biometric smartphone

The idea: Use your smartphone, in conjunction with built-in biometric sensors, to perform authentication.

Examples: The Samsung Galaxy S5 and HTC One Max (pictured) both sport fingerprint sensors, as do models of the iPhone from the 5s onward.

The good: Multiple boons in one: smartphones and fingerprint readers are both ubiquitous and easy to leverage, and they require no training to be useful, save for registering one's fingerprint.

The bad: It's not as hard as it might seem to hack a fingerprint scanner (although it isn’t trivial). Worst of all, once a fingerprint is stolen, it's pretty hard to change it.

The digital tattoo
Credit: Motorola
The digital tattoo

The idea: A flexible electronic device worn directly on the skin, like a fake tattoo, and used to perform authentication via NFC.

Examples: Motorola has released a model for the Moto X (pictured), at a cost of $10 for a pack of 10 tattoo stickers, each of which lasts around five days.

The good: In theory, it sounds great: nothing to type, nothing to touch, (almost) nothing to carry around. The person is the password.

The bad: So far it's a relatively costly technology ($1 a week), and it's a toss-up as to whether people will trade typing passwords for slapping a wafer of plastic onto their bodies. I don't know about you, but even a Band-Aid starts bothering me after a few hours.

The password pill
The password pill

The idea: This authentication technology involves ingesting an object into your body -- an electronic "pill" that can send a signal of a few bits through the skin.

Examples: Last year, Motorola demonstrated such a pill produced by Proteus Digital Health and normally used for gathering biometrics for patient care (pictured).

The good: A digital pill makes the authentication process completely passive, save for additional manual authentication (such as a PIN) that might be used.

The bad: Who is comfortable (yet) with gulping down a piece of digital technology? Like the digital tattoo, this doesn't sound like a measure you'd want to take regularly -- perhaps more as a day pass or temporary form of ID.

Voice printing
Credit: Porticus
Voice printing

The idea: Use voice recognition to authenticate, by speaking aloud a passphrase or a text generated by the system with which you're trying to authenticate.

Examples: Porticus, a startup profiled back in 2007, has an implementation of this technology (VoiceKeyID), available for multiple mobile and embedded platforms.

The good: The phrase used to identify you isn't the important part; it's the voice itself. Also, it can be easily changed; speaking is often faster than typing or performing some other form of recognition; and the solution even works in a hands-free environment. Plus, microphones are now standard-issue hardware.

The bad: As with any technology that exists in a proprietary, third-party implementation, the hard part is getting people to pick up on it.

Brainwave authentication
Credit: University of California Berkeley School of Information
Brainwave authentication

The idea: Think your password and you're logged in. That"s right: an authentication system that uses nothing but brainwaves.

Examples: A prototype version of the system, using a Bluetooth headset that contained an EEG sensor, has been demonstrated at the University of California Berkeley School of Information. The "pass-thoughts" used consisted of thinking about some easily memorized behavior, such as moving a finger up and down.

The good: Consumer-grade EEG hardware is cheap, and the tests conducted by the School of Information showed it was possible to detect a thought-out password with a high degree of accuracy.

The bad: Donning a headset to log in seems cumbersome -- assuming you're not spooked by the idea of a computer reading your thoughts.