13 technologies that are safer than passwords
July 27, 2017 | ZDNET
Vein scans, eye scans, fingerprint scans and more up the security game
As we’ve learned over and over again, passwords are failing us. But maybe the fingerprint can save us.
“Fingerprint sensors are the most widely adopted of all biometric technologies,” says Jason Chaikin, president of the biometric authentication developer Vkansee.
They’re easy to use, and difficult (though not impossible) to fool. The technology, common on smartphones, reads your digit’s unique pattern of ridges.
Not much room for error
Apple says the probability of two different fingerprints registering as the same fingerprint on one of its devices with Touch ID is “1 in 50,000.”
“By comparison,” the company notes, “the odds of guessing a typical 4-digit passcode are 1 in 10,000.”
Now in the prototype stage, and expected on the commercial market in 2018, NEC’s wearable, earbud-esque device aims to best passwords with technology that emits a signal and then identifies the user by the resulting “sounds emitted by the inner ear.”
A Scientific American columnist called face-reading scanners his favorite alternative to the old “123456.”
It’s “secure, effortless and available now,” David Pogue wrote in 2016.
Tough to fool
The biometric system that inspired Scientific American’s praise was Windows Hello, which allows properly equipped Windows 10 users to log in with fingerprints, iris scans — or face scans.
“You can’t fool [the face scan] with a photograph, a 3-D model of your head or even an identical twin,” Pogue wrote.
A leading manufacturer of the technology calls the iris scan “the most accurate human identifier other than DNA.” The false-accept rate, according to EyeLock, is “1-in-1.5 million for a single eye.”
Rumor has it the forthcoming iPhone 8 will feature an iris scanner. Other smartphones, including the notorious Samsung Galaxy Note 7, already have one.
This infrared technology can confirm “liveness,” as Vkansee’s Chaikin puts it.
“[It] allows moving blood and other things that can only happen on a living person to be recognized,” he says.
Finger-vein focused: Hitachi
“Hitachi has most of the technology for finger-vein recognition,” Chaikin says.
The company’s scanners are widely used by banks, especially in Japan.
Barclays is so bullish on this technology that the bank has pulled the plug on passwords and security questions in favor of voice recognition for its phone-using personal-banking customers.
More unique than you think
“… [U]nlike a password,” Steven Cooper, CEO of Personal Banking at Barclays, said at the system launch, “each person’s voice is as unique as a fingerprint.”
Barclays said its technology would identify the customer “from the first few words that are spoken.”
Either in physical or software form, this tech generates random passwords that, as billed, may only be used once. It’s a more-secure alternative to the static password — i.e., the one you create, perhaps scribble down and proceed to key in for months, if not years, on end.
Use with passwords
Chaikin of Vkansee warns that the one-time password is “just one layer of a larger security system.”
“When a one-time-use token, such as a one-time-use password, is added on top of a password and login, it helps with multiple-layer authentication,” Chaikin says.
Windows 10 PINs
You can still log in to a Windows 10 device with a password, but Microsoft requires a PIN to access Windows Hello, because, as it argues at length, the PIN is flat-out “better.”
One reason: “… [T]he PIN is tied to the specific device on which it was set up,” Microsoft says. “That PIN is useless to anyone without that specific hardware.”
Passphrases tend to be longer than passwords — and that’s why they’re safer. More words, more characters and more spaces mean hackers must spend more time doing their dirty work.
“I can’t stress enough the importance of having length paired with complexity,” wrote the software-test engineer behind the blog Crambler.
If a long passphrase offers more security than a short password — and it does — then it follows that a two- or even three-step authentication process trumps a one-step.
In practice, this means that when you log in to an account, you are expected to provide not only a password (something you know), but also perhaps a one-time password (something you have) or a fingerprint (something you are) — and maybe both.
Dubbed a password-killer, this technology IDs you by the way you use, interact with or even hold your smartphone.
“We can even measure air pressure using the barometer on the latest smartphones, which can give us another indication of where the phone is and whether that corresponds to where the user says he is,” Zia Hayat, chief executive of Callsign, told the BBC.
Banks, including Deutsche, have given the technology trial runs.
As with finger-vein recognition, palm scans analyze vein patterns via infrared technology. They’ve been enlisted not only by the banking industry, but also hospitals.
“Palm scanning is 100 percent more accurate than fingerprints,” Nader Mherabi, chief information officer at NYU Langone Medical Center in New York, said to CBS News.
Would you use one on your laptop?
The Japanese tech company Fujitsu’s PalmSecure has been used to safeguard ATM transactions, and even laptops, where a hovering hand over the scanner is all the system needs to authorize a login.
Eyeballs and veins aren’t the only unique body parts we’ve got. Your ears are one of a kind, too, so to speak.
Your ears are unique
The dual-screen Siam 7X smartphone made a splash in part by deploying technology that “utilizes a device’s camera to authenticate or identify a user from their unique ear features.”