Tech

4 technologies that could kill the password

Cadie Thompson

2015-11-01T14:02:00Z

iphone 5s fingerprint scanner for password

If the barrage of data breaches and hacks over the past few years has taught us anything, it's that passwords alone provide a pretty weak security system.

The problem is that a string of letters and characters alone will always be relatively easy to hack or steal, especially through trickery like phishing attacks over email. And to make matters worse, many people use the same password for more than one account, making it easier to get hold of all kinds of valuable personal information.

But the good news is the tides are slowly changing, and companies are increasingly experimenting with emerging technologies that could replace passwords.

Here's a look at the four password alternatives that companies are working on now.

Researchers are studying how to use brainwaves for security.

It sounds far-fetched, but researchers claim that computer brainwave-based authentication is a viable alternative to manual passwords.

By using sensors to capture electroencephalograms (EEGs), or the measurement of brain waves, computers can authenticate identity.

Most recently, scientists at the Binghamton University in New York recruited 45 volunteers and measured how each person's brain responded to certain words. The researchers recorded each brain’s reaction, which were all different. That information was then used by a computer system to identify each person with 94% accuracy.

The scientists at Binghamton call these password-replacing brainwaves “brainprints,” but they aren’t the first to propose the idea. In 2013, researchers at UC Berkeley School of Information conducted a similar experiment using a $200 brainwave-reading headset and dubbed the term “passthoughts.”

Before then, other researchers had proved this could be done, but the technology to capture the necessary EEG data was expensive and invasive.

With EEG sensors becoming cheaper, it’s a more viable option.

Your heartbeat provides a unique pattern that can replace passwords.

The Canadian company Nymi sells a wearable device that uses a person’s unique heartbeat, or electrocardiogram (ECG) measurements, to authenticate identity.

The wearable device communicates via Bluetooth with other enabled devices like a smartphone or laptop to verify the identity of the wearer.

Nymi announced recently the device can also be used to make transactions. A user just places the wearable device close to the payment terminal while wearing the band to make a purchase.

Here’s how it works: The band features two ECG sensors, one on the interior of the band touching the wrist and another on the outside of band. A user’s ECG data is captured once they tap the sensor on the top of the band.

So after a user sets up their profile, all they have to do to verify their identity to unlock certain devices is tap the sensor on top while they are wearing it.

From voice recognition to ambient noise, sound can be used to strengthen security.

Another form of biometric data that companies are exploring is using sound as a way to enhance security for authentication.

Earlier this month the Dutch bank ING released an app that basically enabled users to replace their passcodes with their voices.

Users can log into their bank accounts, make transfers, and check balances using the app, which is powered by voice-recognition technology by the company Nuance.

The reasoning was that mimicking a person’s voice is believed to be much more difficult than getting their card or guessing their password.

But other sound can also be used to help secure traditional password systems.

Last week, a team of researchers at the Swiss Federal Institute of Technology in Zurich, Switzerland, revealed a tool they created called Sound-Proof that uses ambient noise to enhance the security of two-factor authentication.

Here’s how it works: When you try to access a site that has implemented Sound-Proof, the server will prompt the app on your phone to start recording. At the same time your computer will also begin recording a few seconds of ambient noise.

The Sound-Proof software creates a digital signature for the recording from each device and then compares them. If they match, the system grants you access to the site without your having to enter a second pin because it assumes your smartphone is in the same room with you.

Facial recognition is already coming to more smartphones, tablets, and computers.

Windows Hello facial recognition — Windows 10 has facial-recognition technology built in; it enables users to bypass the login page using their face. YouTube/Microsoft

Facial-recognition technology is slowly beginning to enter the consumer market for security purposes.

Microsoft, for example, introduced a feature in Windows 10 called Windows Hello that allows users to bypass login passwords or passcodes by simply using their face as a password replacement.

However, the company does not just let users take a picture with any web camera to verify their identity for Windows Hello.

PC makers have started including Intel’s RealSense 3D camera into a small number of its devices to enable the feature. The infrared camera can sense depth, enabling a greater measure of security.

Google has also implemented facial-recognition technology into Android devices that can unlock phones and tablets with a simple shot from a low-grade phone camera, but this is less secure than using an infrared camera.