From ear impressions to measuring a user’s gait for authentication, a password-free future is just around the corner
THE FUTURE is replete with options that could replace the much-maligned traditional passwords. In a few years, user authentication could be confirmed by a person’s eye blinking or typing pattern. A person’s location or style of holding a phone could also be key to a secure future. Here are some future alternatives to the conventional password:
With zero-interaction authentication (ZIA)—a method in the works—a user doesn’t need to interact with a terminal to log on to it. Instead, another device or security key he/she is carrying—smartphone, car keys, pen drive, etc—interacts with the terminal, confirms the user’s identity and allows them to log on. This interaction between the terminal and the security key takes place wirelessly through Bluetooth, near-field communication or radio frequency identification.
As per a recent report in an IT business e-newsletter by Hewlett-Packard Enterprise, an IT enterprise company, this form of authentication is based on a user’s individuality. Persona-based authentication relies on a combination of ‘geographical’ and ‘behavioural’ elements—location and details of a user’s terminal, the way they hold their smartphone and type, the tone of their voice, their walk, eye blinking pattern, etc—that are unique to an individual.
‘Account Key’ feature
Some companies have introduced tools that could as well mark the beginning of the end of conventional passwords. Take, for instance, Yahoo. In October 2015, the Marissa Mayer-led American multinational technology firm launched its ‘Account Key’ feature, which uses push notifications for user authentication. So when a user tries to log in to their mail on a device, they get a notification on their smartphone. To enable the sign in, they have to tap ‘Yes’ on the notification sent to the phone. This ensures that it’s the user signing in and not someone else. “Account Key is a big step forward for a password-free future. It streamlines the sign-in process with an interface that is not just easy to use, but also more secure than a traditional password. With Account Key, nobody else can sign in even if they get your account information,” says Dylan Casey, vice-president, product management, Yahoo.
Trust score system
Technology giant Google, too, has plans to do away with traditional passwords for good. A soon-to-be-launched system called Trust API helps users sign in and unlock devices through a ‘trust score’. This score is calculated using a variety of behavioural factors, including a user’s location, facial recognition, typing pattern, etc.
Strong encryption standards
Some apps use multi-factor authentication, which entails verification by at least two factors before a user can log in. Here, strong encryption standards like Advanced Encryption Standard-256 (AES-256), a secure encryption algorithm, can add an extra layer of security. “If an organisation has a huge amount of sensitive information, using multi-level authentication can make it much more secure,” says Melanie Duca, consumer marketing director, Asia-Pacific, Intel Security, a computer security software company.
Even though security experts have voiced concerns about costs incurred while using biometrics for user authentication, it is still quite popular. Some smartphone-makers already employ biometric solutions to bulk up security—fingerprint scanners are one example. Some app developers, however, believe fingerprint scanning is passé. Ergo, an Android application, uses the ear as a biometric indicator, using the capacitive touchscreen to record a user’s unique ear impression. Users can unlock their phone by simply tapping their ear at the centre of the screen. Some other concepts include measuring a user’s gait. This is done through a wearable device fitted with an accelerometer and gyroscope. The information is then used to log in to a computer by matching it against pre-recorded specimens.