Replacing Passwords with Behaviour

Imagine having to continually input your password. If that sounds like a painful and frustrating way to live your life, it’s almost inevitable. Not only is online security now the hottest topic in tech, but with the spread of more and smarter devices, and the coming Internet of Things, the future is going to be one where constant identification is imperative.

However, it looks increasingly likely that you won’t have to input your password manually for much longer. In fact, websites, back accounts and even electronic doors of the future may ask you simply to type something – anything – and from that figure-out if you are who you say you are.

Death of the password

While a good eight-character password is highly secure, the tech industry wants rid of it, as well as PIN numbers. Why? We all misuse them. Surveys have discovered that not only do most of us have only three passwords we re-use again and again, but ’123456′, ‘password’ and ‘qwerty’ remain the three most popular. Ditto for ’0000′, ’1111′ and ’1234′ for PIN numbers. It’s led to an increase in the popularity of static biometrics. The most common so far is the fingerprint, which is now being used to unlock some Android phones, and more recently to allow cashless payments on Apple Pay. Is this secure? It’s been enough to convince banks, at least for small purchases, though how many people have an iPhone or a Samsung phone? They’re hardly ubiquitous, which is what banks require.

Proofs of concept

Since they use proprietary technology, Apple Pay and similar schemes that rely on pricey hardware can only be regarded at best as proofs of concept. Other kinds of static biometrics include scans of your voice, your face or even your ears, but as well as also relying on hardware, these techniques all have the same inherent weakness as a written password. The secure system might confirm that it’s you logging-in to your bank account, for example, but a few minutes later it has no idea who is in control. Static biometrics offer once-only access without any continuous identification.

Behavioural biometrics

The tech world can do far better than that. Cue a new focus on behavioural biometrics, which finds uniquely identifying characteristics not in who you are, but in exactly what you do. While there are several ways of doing this, what’s getting the interest of banks is typing recognition. As you fire-up a banking app on your smartphone, for example, there is software now being trialled by banks that profiles and analyses a person’s typing rhythm. From how quickly you hit and release the keys on your smartphone’s virtual keyboard, to the pressure you apply on the screen as you type, and even the angle you hold the phone at, a model is built of your behaviour that cannot be copied. By using a smartphone’s built-in accelerometer and gyroscope, this behavioural biometric software can create a profile of you just from your typing behaviour – and it works on all smartphones, laptops and keyboards.

Context-driven

Expect to find this new tech embedded into future iterations of smartphones, but also in places where passwords are commonly shared between staff. Think databases in hospitals full of confidential patient information, website paywalls, and software licences in large offices. Is this the end of anonymity? Absolutely, but it’s also the beginning of an era where context-driven, intelligent smart devices and their users finally become one.

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>