How Safe is Your Data Really?
In recent months, there have been an increasing number of articles on the problems with passwords and the new technologies that may render them obsolete. Frankly, it couldn’t come at a better time. Practically every device and website now demands a user ID and password. And if keeping track of which ID and password are used where wasn’t already difficult enough, some websites now require the use of complex passwords and force them to be changed regularly. Ugh! The task is almost overwhelming.
Andy Greenberg highlighted another (much scarier) problem with passwords in an article for WIRED: “Researchers at the University of Massachusetts Lowell found they could use video from wearables like Google Glass and the Samsung smartwatch to surreptitiously pick up four-digit PIN codes typed onto an iPad from almost 10 feet away—and from nearly 150 feet with a high-def camcorder. Their software, which used a custom-coded video recognition algorithm that tracks the shadows from finger taps, could spot the codes even when the video didn’t capture any images on the target devices’ displays.
“‘I think of this as a kind of alert about Google Glass, smartwatches, all these devices,’ says Xinwen Fu, a computer science professor at UMass Lowell who plans to present the findings with his students at the Black Hat security conference in August. ‘If someone can take a video of you typing on the screen, you lose everything.’"
Fortunately, there appears to be some relief on the way. In an article for PC World, Jared Newman writes, “Google hasn't been shy in the past about its desire to kill the password…The next version of Android will include several ways to unlock a smartphone without having to enter a PIN or lockscreen pattern, a feature dubbed ‘personal unlocking.’ If the user is wearing an Android Wear smartwatch, the phone will unlock automatically, and you'll be able to set up trusted locations, such as home or work, where a PIN isn't required, or use a voiceprint to unlock the phone. The capabilities carry over to Chrome OS; Chromebook users will be able to automatically authenticate themselves via a paired Android phone, unlocking the laptop and logging into your Google account without ever having to bother with a single password.
Looking to a Password-Free Future
None of these approaches are going to obviate the password outright. They're merely supplements, aimed at keeping you from entering the same string of letters and numbers over and over. The idea is if you can unlock your phone with little effort, you might actually take the extra step of adding a PIN in the first place--a hugely beneficial security practice.
Still, it's easy to see how the added layer of security could spread to other apps and services. Apple is already moving in this direction with TouchID, the fingerprint sensor that's built into the iPhone 5S. Currently, TouchID can only unlock the iPhone and authorize iTunes purchases, but in iOS 8, Apple is opening up the sensor to third-party apps. This will allow users to add an extra layer of security to sensitive apps without requiring a password every time.”
Is the password dead? Well, not yet, but I’m looking forward to the day—hopefully soon—that I can toss my messy collection of user IDs and passwords into the dustbin of technology history.