You can say this about passwords: they're incredibly resilient. Not in a bulletproof kind of way but, more precisely, in terms of how long they've been around.
According to Robert Svensson in his book 'From Hacking to Report Writing: An Introduction to Security and Penetration,' the first computer system to use passwords was built by researchers at the Massachusetts Institute of Technology (MIT) in the 1960s. Shortly thereafter, the computer's passwords were compromised when a researcher exploited a function in the system, enabling him to print out a list of all his colleagues' passwords and then use them to secure a share of his colleagues' allotted usage time.
In the fifty-plus years since, passwords have become routine for users: routinely needing to be changed and just as routinely compromised. Even among the IT cognoscenti, they are a constant source of divisiveness, and those in the know have hoped for some time that something better would eventually come along to replace them.
As recently as August 2017, Bill Burr - the author of an eight-page guide on best practices for secure passwords that was eventually evangelized by the US National Institute of Standards and Technology (NIST) - admitted that his guidance on password requirements, which addressed everything from email accounts to login pages, was wrong. 'In the end, the guidelines were probably too complicated for a lot of folks to understand very well and the truth is, it was barking up the wrong tree.'
Nevertheless, the drumbeat from various pundits (and others) in the security industry to finally rid the industry of passwords continues. No surprise, really, given all the reasons why passwords should just go away:
- They're static
- They're easily hacked/stolen
- They're hard to remember
- They're often re-used from one site to another, maximizing the impact of breaches
So, if passwords are going away, it's logical to ask: what will take their place? In short, a security technology that minimizes friction. For the purposes of this discussion, it's behavioral authentication.
Think of behavioral authentication as the 21st century equivalent of the way that crimes were (and still in most cases are) solved, both in books and in real life. We all know that fingerprints are unique to an individual; however, an even more dependable and revealing exemplar of who a user is and what they're doing online (and one especially well-suited to today's digital world) may be how a user interacts with his (or her) keyboard (e.g. cadence, keystrokes, mouse movements and so on).
And before you dismiss the significance of this technology, the Biometrics Research Group predicts that such technologies will produce over US$9 billion of revenue by 2018 for the biometrics industry.
Additionally, Mercator Advisory Group, a trusted advisor to the payments and banking industries globally, recently issued a report entitled 'Biometrics: A New Wrinkle Changes the Authentication Landscape,' that suggests the need for software-based solutions like multi-modal biometric authentication to drive innovation as well as security.
Mercator further suggests that, in time, the concept of 'persistent identity' will dominate. This will be where authentication no longer is solely about a single challenge event such as a fingerprint scan, but evolves into a passive trust value that's uniquely associated with an individual. This 'trust value' will be continually updated based on factors including location, sound, face recognition and, significantly, 'a range of behavioral inputs.'