Blog

Let’s see if I can guess your password. 123456? qwerty? Password1? Let’s try abc123, 111111, monkey or Trustno1 (very clever on that last one)? Did I guess correctly? If so, congratulations on having one of the twenty five most popular (moronic) passwords of 2015.

We are all aware of the password circus. Effective passwords are near impossible to remember and easy passwords are barely worth the effort to put in place. Even if you are able to stumble upon a complex password you can remember, here comes the thirty day prompt to change it with a “ten character ? no less than five symbols ? alphanumeric password” that would have Rain Man scratching his head. We are not treading on unfamiliar territory here. The frustrations of passwords have plagued us for decades. We have also heard the "end of passwords" chant before by industry leaders such as Bill Gates. Yet here we are, sticky notes with Batman1 on our monitors and keyboard undersides wondering why security is so frequently compromised.

But it would appear that we really can see the horizon line on the end of passwords. Microsoft is unveiling several options aimed to eliminate the need for passwords. The technology behind this is called Fast Identity Online also known as FIDO. Windows 10 will be supporting this methodology via “Windows Hello”.

What this means is the ability to access your computer via face, iris, voice or a fingerprint. Logins via dongle are also supported (smile).

This technology will go beyond desktops to include Apple’s Touch ID for the iPhone and iPad taking advantage of biometric fingerprints to replace passcodes. Samsung, not to be left behind also has a fingerprint reader for its Galaxy S5. Convenience is nice, but how do fingerprint readers stack up against passcodes from a security standpoint. Apple has stated that one would have to attempt fifty?thousand fingers to get a random match versus the one in ten?thousand chance of guessing a passcode with four digits. It is promising that some banks have already announced they will transition to touch identification for customer bank account access.

Will the shift to biometric security via Apple and Microsoft’s new technology help to reduce the billions of passwords leaked yearly? Almost certainly. One cannot easily forget their fingers or eyes and it is quite difficult to write either of them down on a piece of paper. In addition, the systems used by Microsoft and Apple have evolved to not store all passwords or biometric information in one central storage area but rather store them locally. This method makes if far more difficult for a hacker to gain access to a large pool of identification as is commonly done today.

Convenience, better security, what’s not to like. For starters, any comfort gained from a vague sense of ambiguity tied to passwords is lost for the precision of biometrics. The concept of online or local retailers having access to your fingerprints adds a level of personal discomfort previously not felt with random key codes. Biometrics allows for certainty of identity demanding caution in how this information is used. For example, this type of data may prove very tempting to various intelligence services. It's quite a bit easier to reset your passcode than it is your fingerprint.