Why Biometric Authentication Is Stronger Than Passwords

08.07.18
Michael Isberto

We all know the annoyance of trying to remember passwords for every site we visit. Luckily, our computers can remember passwords for most of our regularly visited sites. If my computer didn’t do this for me, I would be lost.

Although this is extremely helpful, security should always be a concern. If you happen to leave your computer unlocked accidentally or if someone happens to hack into your device, all of your passwords are compromised.

Password Manager Pros and Cons


Password managers can be a solution for securely remembering multiple passwords, but even this system isn’t as secure as people think. Even the most reputable password manager can be hacked, which happened to LastPass.

According to PCWorld: “For a couple weeks in a row, leading password manager, LastPass was schooled by a security researcher at Google, which found multiple flaws that put its users at risk. One was a “major architectural problem” that could’ve given attackers access to people’s passwords.”

Password managers can be a good way to store passwords, but even this system isn’t as secure as one might hope.

After backlash from the public, LastPass is still trying to fix their reputation and win back the trust of their clients.

The use of passwords just seems like an ancient idea now. Could there be something better?

Biometric Passwords

Using biometric sensors in place of passwords may seem like something from a spy movie, but it’s a lot closer to reality than people think. We can already unlock our smartphones with our fingerprints and, more recently, with the mere presence of our face. Maybe this new technology can be utilized in other everyday ways. Maybe it can be used instead of us trying to remember hundreds of passwords for multiple sites.

What Is WebAuthn Protocol?

The World Wide Web Consortium, or W3C (the body that controls the web), believes the new WebAuthn protocol is the future. And with its alliance with FIDO, this new standard can make remembering all your different login information a thing of the past.

This alliance could be the catalyst for bringing in a new wave of how we authenticate our presence on the Internet. This protocol could be the beginning of the future.

According to TechTarget:

“After quietly agreeing last month to certify the WebAuthn protocol as a Candidate Recommendation for the web, W3C and the FIDO Alliance are now promoting the protocol as a tool for securely authenticating users on the web using security tokens or biometrics, like fingerprints or facial recognition. WebAuthn, short for the Web Authentication API, is a product of the W3C’s Web Authentication working group working in concert with the FIDO Alliance.”

This protocol and alliance could potentially change the way we use the internet.

How Will We Authenticate on Multiple Devices?

W3C and FIDO believe that U2F hardware should replace passwords altogether, and that it could be a simple way to authenticate ourselves on multiple devices and in multiple locations on the web. These tokens will be like the USB keys we have seen in the past, but would potentially work for many different sites.


According to HowToGeek: “U2F is a new standard for universal two-factor authentication tokens. These tokens can use USB, NFC, or Bluetooth to provide two-factor authentication across a variety of services. It’s already supported in Chrome, Firefox, and Opera for Google, Facebook, Dropbox, and GitHub accounts.”

This idea stems from the YubiKey idea from 2013, but with the new W3C and FIDO alliance, it may soon be more of a reality. In fact, Yubico (the makers of the YubiKey) will provide officially certified hardware for this new venture.
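To make the "one key, many sites" idea concrete, here is an added example (not code from W3C, FIDO or Yubico) that models the challenge-response login a token performs. It is a simplified sketch, not the real WebAuthn message format; the `Token` and `Site` classes and the `example.test` / `other.test` origins are assumptions made for illustration.

```javascript
const crypto = require("crypto");
// Model of a hardware token: one key pair per site; private keys never leave it.
class Token {
  constructor() { this.keys = new Map(); }
  register(origin) {
    const { publicKey, privateKey } =
      crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
    this.keys.set(origin, privateKey);
    return publicKey; // the only thing the site stores
  }
  // In a browser, the origin comes from the browser itself, not from the page.
  sign(origin, challenge) {
    const key = this.keys.get(origin);
    if (!key) return null;
    const clientData = Buffer.from(JSON.stringify({ origin, challenge }));
    return { clientData, signature: crypto.sign("sha256", clientData, key) };
  }
}

class Site {
  constructor(origin) { this.origin = origin; this.keys = new Map(); this.pending = new Map(); }
  enroll(user, publicKey) { this.keys.set(user, publicKey); }
  challenge(user) {
    const c = crypto.randomBytes(32).toString("hex");
    this.pending.set(user, c);
    return c;
  }
  verify(user, assertion) {
    const expected = this.pending.get(user);
    this.pending.delete(user); // single use, so an old assertion cannot be replayed
    if (!assertion || !expected || !this.keys.has(user)) return false;
    const data = JSON.parse(assertion.clientData.toString());
    if (data.origin !== this.origin || data.challenge !== expected) return false;
    return crypto.verify("sha256", assertion.clientData, this.keys.get(user), assertion.signature);
  }
}

// Constructed scenario; example.test and other.test are placeholder origins.
function demo() {
  const token = new Token(), site = new Site("https://example.test");
  site.enroll("alice", token.register(site.origin));
  const first = token.sign(site.origin, site.challenge("alice"));
  const ok = site.verify("alice", first);
  site.challenge("alice");
  const replayed = site.verify("alice", first); // signed the previous challenge
  token.register("https://other.test");
  const foreign = token.sign("https://other.test", site.challenge("alice"));
  return { ok, replayed, otherOrigin: site.verify("alice", foreign) };
}
```

The site only ever holds a public key, so a breach of its database leaks nothing that can be used to log in, and a response signed for one origin or one challenge is rejected for any other.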

Why Is Biometric Authentication Stronger Than Passwords?

Most people use a variation of the same password for all the sites they visit. Many people just change a number, or maybe they add a special character to their original passwords. Some people are so lazy that they use the most obvious passwords.

Iflscience.com listed the top 25 most hacked passwords of 2017. Here are some of the most hacked passwords: 123456 (for the fourth year in a row), Password, 12345678, qwerty, 12345, 123456789, letmein, 1234567, football, iloveyou, admin, welcome, monkey, login, and abc123. These are just some examples of how easy it is to hack into many people’s devices. If this is the norm for many people, biometric authentication is likely stronger than passwords.
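A site that still accepts passwords can at least refuse the ones above, along with the "change a number, add a special character" variations people build on them. The following is an added example, not code from any of the sources quoted here; the denylist is limited to the passwords named in this article, and the function name and substitution table are assumptions.

```javascript
// Denylist built from the passwords quoted in the article (lowercased).
const COMMON = new Set([
  "123456", "password", "12345678", "qwerty", "12345", "123456789",
  "letmein", "1234567", "football", "iloveyou", "admin", "welcome",
  "monkey", "login", "abc123",
]);

// Common character swaps, undone so "P@ssw0rd" maps back to "password".
const SWAPS = { "@": "a", "4": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s", "!": "i" };

// Returns the denylisted password the candidate is built on, or null.
function matchCommonPassword(candidate) {
  const lower = candidate.toLowerCase();
  const forms = new Set([
    lower,
    lower.replace(/[^a-z0-9]+$/, ""), // drop trailing symbols:        "12345!"     -> "12345"
    lower.replace(/[^a-z]+$/, ""),    // drop trailing digits/symbols: "football1!" -> "football"
  ]);
  // Also try each form with the character swaps reversed.
  for (const f of [...forms]) forms.add(f.replace(/[@401$35!]/g, (c) => SWAPS[c]));
  for (const f of forms) if (COMMON.has(f)) return f;
  return null;
}
```

A signup or password-change handler would reject the candidate whenever this returns a non-null value.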

What Are the Risks of Biometric Passwords?

Every system has its risks and limitations, and a biometric password system is no exception. There are a couple of obvious attack risks within this type of system. The first one that comes to mind (just from watching spy movies alone) is the use of a fake fingerprint. The Center for Identification Technology Research (CITER) at Clarkson University was able to take a 3D-printed mold of a fingerprint and use it to fool a fingerprint scanner.

One can even get by without using a 3D scanner and printer. In one instance, someone faked a fingerprint and hacked into a phone with the simplest materials. They made it look like the easiest phone hack that anyone can do.

According to The Verge: “All it took was some dental mold to take a cast, some play-dough to fill it, and then a little trial and error to line up the play-dough on the fingerprint reader.”

This type of thing isn’t only happening with criminals. Certain federal agencies are also buying fingerprints for their own records, which means security can be compromised in many different ways.

Biometric facial recognition systems can also be hacked. Older versions of facial recognition were easily bypassed with a regular picture of the person’s face. Companies then evolved the system and required a blink test to ensure it wasn’t just a picture of the person. It was found that this newer version is also fairly easily bypassed, by simply using a short video of someone’s face.


This just shows that every technological system has its own set of limitations and hackers will somehow find the flaws in that system.

Conclusion

There will always be upsides and downsides when it comes to anything, and this most definitely includes technology. The reason we have the technology we have is that it is pushed to get better and better every day, month, and year. People find weaknesses and inadequacies in systems daily, and because of this, systems and technology in general get better and better.

Hackers will always be pushing each system to get smarter and superior to the one before. They will unquestionably find a way to beat even the best biometric system the same way they are currently able to bypass a system of passwords. When that happens, people will find a new system that is better than biometric authentication. But until then, biometric passwords are the future and may be the best option for keeping your information secure.
