The “Death of Passwords”

Prasad Talekar
4 min read · Jan 5, 2019

In times gone by, authentication was not a complex task. Person “A” would meet person “B”, and they would recognize each other by visual appearance, or not. If A did not recognize B, B could explain that he was a friend of a friend, a business envoy, and so on, and A could decide whether or not to believe him.

Then came the computer era, where the whole meaning of authentication changed. Here nobody can “see” the entity on the remote end of a computer network, and indeed that entity could be anyone: a friend, a machine, or an attacker. We exchange personal data, health records and financial information that we wish to keep as private as any spy correspondence. The World Wide Web adds a new complication, since attackers can reach our records without any physical presence. Whether it is to protect our own records or our own digital identities, we have been forced to adopt more formal authentication methods even in everyday life.

When it comes to security, systems and methods are often described as strong or weak, and whether they are strong or weak depends entirely on authentication. Authentication is the process of positively verifying the identity of a user, device, or other entity in a computer system, often as a prerequisite to allowing access to resources in the system. Authentication factors are usually grouped into three categories:

1) What you know (e.g., a password),
2) What you have (e.g., a token), and
3) Who you are (e.g., a biometric).

For decades, the password has been the standard means of user authentication on computers. However, as users are required to remember more, longer, and ever-changing passwords, it is evident that a more convenient and secure solution to user authentication is needed. On top of that, with multi-core processors and brute-force attack techniques, it is just a matter of “how long will it take” to break any given password, depending on its length.
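To put the “how long will it take” claim in concrete terms, here is an added example (not from the original post) that models exhaustive guessing of a password as a function of its length and character set. The guess rates are constructed illustrative figures, chosen to contrast an offline attacker cracking a leaked fast hash with an online attacker throttled by a lockout policy.

```python
"""Rough brute-force cost model for a password of a given length.

Added example, not from the original post. Assumes an attacker who tries
every combination of a known character set; the guess rates are
constructed illustrative values, not measurements of any real system.
"""
import math

# Sizes of the character classes a password policy may require.
CHARSET = {"digits": 10, "lower": 26, "lower+upper": 52,
           "lower+upper+digits": 62, "printable": 95}

# Constructed rates: offline cracking of a fast unsalted hash versus
# online guessing throttled by rate limiting / account lockout.
OFFLINE_RATE = 1e10
ONLINE_RATE = 10


def keyspace(length: int, charset_size: int) -> int:
    """Number of candidate passwords of exactly `length` characters."""
    return charset_size ** length


def entropy_bits(length: int, charset_size: int) -> float:
    """log2 of the keyspace: each extra character adds log2(charset) bits."""
    return length * math.log2(charset_size)


def expected_seconds(length: int, charset_size: int, rate: float) -> float:
    """Average time to hit the password: half the keyspace is searched on average."""
    return keyspace(length, charset_size) / 2 / rate


def human(seconds: float) -> str:
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


def compare(length: int, charset_name: str = "lower+upper+digits") -> dict:
    """Entropy and expected cracking time for both attacker models."""
    cs = CHARSET[charset_name]
    return {"bits": round(entropy_bits(length, cs), 1),
            "offline": expected_seconds(length, cs, OFFLINE_RATE),
            "online": expected_seconds(length, cs, ONLINE_RATE)}


if __name__ == "__main__":
    for n in (6, 8, 10, 12, 16):
        r = compare(n)
        print(f"{n:2d} chars: {r['bits']:5.1f} bits  "
              f"offline {human(r['offline']):>18}  online {human(r['online']):>18}")
```

The table makes two defender-side points: length raises the cost exponentially while adding character classes only raises it linearly per position, and the same password that falls in hours offline survives for years when guessing is throttled online, which is why leaked hashes, not login forms, are where length matters most.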

Currently, there are many password alternatives: PINs, tokens, push notifications… but one alternative has been quietly growing in popularity — your biometrics. It is a much simpler way to handle authentication and it is the future of identity. Biometrics can be defined as the “automated method of identifying or authenticating the identity of a human being based on his/her unique biological/behavioral characteristics”, and a biometric system can be either an identification system or a verification (authentication) system.

Since we all have to remember so many PINs and passwords, switching to biometrics will remove a lot of pain. It is time to adopt more advanced methods of proving identity: biometrics, and perhaps even behavioral biometrics, which add an additional layer of security by analyzing exactly how you interact with your device. Biometrics for authentication are gaining popularity, with fingerprint scans already pervasive on personal devices and facial recognition moving into the mainstream with the latest smartphone models. Recent studies indicate we are ready to use the same process to make purchases with our credit and debit cards. In India, Aadhaar is a huge biometric database through which the government offers online authentication for public and private sector services. The majority of consumers believe biometrics are easier and more user-friendly than passwords or PINs, and more secure.

The factors considered when selecting a biometric vary from application to application, but they generally include the following.

• Universality: Every person must possess the biometric characteristic (trait).

• Permanence: The trait must be invariant over time; it must not be affected by age or disease.

• Measurability: The trait must be easy to acquire in little time, and the acquired data must be suitable for further processing such as feature extraction or dimensionality reduction.

• Uniqueness: The trait must be unique to each person and possess sufficiently different properties to distinguish one person from another.

• Acceptability: The biometric technology using a particular trait must be acceptable to a large share of the relevant population.

• Reliability: To ensure high reliability, the biometric technology using a particular trait should not be maskable.

• Circumvention: The trait should not be reproducible by any other means.

A decade back there were physical and environmental challenges in biometric authentication, many aspects of which were not well understood, especially at large scale. Over time, a science of human individual distinctiveness has matured, which has enabled the appropriate use of biometric recognition. A better understanding of biometric traits in human beings under natural physiological conditions and environmental challenges has also led to more precise data collection and analysis.

So while biometric authentication methods are certainly picking up steam, the path to a completely “passwordless” world will be a long journey and, ultimately, users will lead the way.


Prasad Talekar

CISSP-certified Security Professional, focusing on Application Security, Threat Modelling and Incident Response to deliver secure enterprise security products.