The Death of the Password
OPINION: The password as a protection mechanism is just awful. With special feature audio.
OPINION: The password as a protection mechanism is just awful. With special feature audio.
The password as a protection mechanism is just awful. It’s been around for decades and it is consistently beaten. Given that we give away valuable and highly personal data without a second thought, “Oh look! Free App!”, you can understand why it is that people are useless at protecting their passwords. ITo create a decent barrier to protect yourself, you have to work quite hard and you have to trust companies that hold your data.
Enter “that creepy Google thing” as my editor put it. Google has a secretive initiative called Project Abacus. Instead of you having to type a password to log on, Google uses your PC, tablet or smartphone's camera to track you, then uniquely identify you by the way you move.
The idea is to kill the password once and for all. The idea is simple; a set of different biometric readings are taken in real-time, all the time, and then Google derives a security score from that. So, on a scale of one through 100, Ian scores an 89% rating, which is good enough for an application or service to figure out who you are.
Here’s where it gets creepy. You would be giving Google biometric information potentially including; your retina, fingerprints, speech patterns, how you walk, other facial markers, and location. You’d be trusting a global megacorp with that information. It would occur seamlessly so that you didn’t have to use that pesky password anymore.
But maybe we don’t care so much about that. We already give away fingerprints, facial characteristics, location, and speech patterns. This just adds more markers, in effect. Given that we are all ready to sell out entire friend list on Facebook to the first shiny survey that comes along, then we shouldn’t worry that much, should we?
If I told you the Security Intelligence Service was monitoring all your email in real-time, your exact location, utilised CCTV to face scan to double-verify that, had your fingerprints on file, had listening posts that recognised and recorded your voice, knew how you moved physically, and then gave that data to other spy agencies as a matter of course, would you be worried?
Because, if you replace the security agency with Google, then that’s what it is. All encompassing, real-time surveillance, that you just bought into.
Of course, there are alternatives to giving in to the all-seeing eye. But they are just a little more difficult to use, and we are lazy. If you don’t believe me, then consider that 7% of all passwords are the word, “password.”
There are a number of services that hold encrypted keys that are locked by you using one single, very strong passphrase. Hint: “The quick brown fox jumped over the lazy dog” is a dumb passphrase.
It then recognises every time you log in to a service and builds a master list of all of your usernames and passwords. Then it gets clever. It can go through and replace all those random passwords with strong alternatives. It’s all encrypted and seamless. Of course, if you lose that passphrase, then, you’ve lost everything.
Other future alternatives are even more farfetched.
Given that our DNA is pretty much unique, an identity reader that could verify that in real-time would guarantee a reasonably high level of security.
Myris, a plug-in iris scanner, is already available for around $400. Again, the iris is largely unique, so it could be a good alternative. Problem is, lugging that technology around is not going to work when we need a ubiquitous system.
Then you could put a chip under your skin. Fraught with risk. The human body doesn’t like foreign objects, it would need to be powered somehow, what if it could just be copied like your credit card?
More interesting is an ingestible authentication device. Motorola has been developing this very thing whereby you swallow a pill and the batteries activate when it hits your stomach acid. You basically become your own password beacon and devices that are close to you automatically open in response.
Habit-based authentication is also patented. If it detects anomaly in the habits of the user, different location, typing, different sleep patterns, it will then disable access until a more reliable method of authentication can be carried out.
Commentators are not convinced that Google’s Project Abacus will fly for all of the same reasons that Google Glass and other edge technologies failed to be taken up. I’m not so sure.
Google Glass was just too weird for people. The problem was that everyone knew you were wearing them and despite all the lovely, airbrushed shots of diverse humans wearing Google Glass, it drew attention to you. Especially when they added the recording light.
The Segway was the same. Billed as the answer to transport in cities everywhere, the general reaction from people when they saw it was “there’s no way I am getting on that thing.”
Given that Project Abacus is hidden from sight and so more personal, then I suspect people would take it up. The reality is they already have. It would just be a switch on of an additional layer of functionality. Google is already collecting all that information as well as listening in on your conversations. “OK Google” will active my phone for me to issue it questions or instructions. Creepily, it sometimes just seems to activate without that key phrase and give me information.
Even if we adopt that level of security authentication by selling every last piece of data about ourselves to Google or another megacorp, it still doesn’t change the fundamental issue we have with privacy. We give our data away for nothing and all the security agencies on earth have nothing on Google, Apple, Facebook, Microsoft, and others.
It’s the illusion of control that allows us to trust those companies, and good branding, while hating the spy agencies and government for the small amount of information they collect, which in this country at least, usually needs a warrant to be useful.
So would I use Project Abacus? Yes, I think I probably would. I’m curious, I’d need to research it and, finally, it’s kind of cool in a sci-fi way.
Would I give all that same data to the SIS to help it in their goals and my personal protection? Nope. Not a chance.
Who would be more likely able to manipulate me, and have a motive too? Google. Hands down. If it knows my habits and is talking to me, then it is a very easy step for it to make suggestions on which way I might drive to work, past which restaurants and shops may have paid a higher street traffic payment that week, herding us all like sheep into advertisers' zones of influence.
Maybe I’m not ready for the death of the password just yet.