Say goodbye to the password
Technology companies are developing alternatives, including built-in fingerprint readers, voice recognition and authentication tokens.
Here's the fundamental problem with passwords: They are most effective in protecting a company when they are long, complicated
and changed frequently. In other words, when employees are least likely to remember them.
As a result, technology companies are rushing to provide solutions that are both more secure and more convenient. Many laptops now come with built-in fingerprint readers. Smartphones and other devices, too, are opening up biometric options such as facial and voice recognition.
Apple (AAPL) last year acquired AuthenTec, a developer of fingerprint-sensor technology, and on Sept. 10 it said its new iPhone will come with a fingerprint sensor. Microsoft (MSFT) says its Windows 8.1 operating system, due out next month, is "optimized for fingerprint-based biometrics." Biometric authentication will be usable more extensively within the system, the company says. (Microsoft owns MSN Money.)
Google (GOOG), PayPal, Lenovo Group (LNVGF) and others, meanwhile, have come together in an organization known as the FIDO (Fast Identity Online) Alliance, which is aimed at creating industry standards for biometric and other forms of so-called strong authentication.
A new kind of hardware token
Google is also experimenting with a new kind of hardware token, created by Palo Alto, Calif.-based Yubico. Like the traditional hardware tokens that generate random numeric passwords and which companies have used for years, the Yubico devices generate temporary passwords to be used as a second form of authentication.
But instead of having to read the password off the token and retype it, employees can simply plug the token into a USB port or touch it on a mobile device using near-field communication, a technology through which electronic devices communicate by making physical contact.
Google is testing the tokens with employees this year, and plans to offer them to consumers next year as a way of logging into Gmail and other Google accounts more securely.
Mayank Upadhyay, a director of security engineering at Google, says the tokens are easy to use and have strong encryption.
"We believe that by using this token we've raised the standard of security for our employees beyond what was commercially available," he says. The token works with Google's Web browser Chrome, and "works very seamlessly for people in their day-to-day workflow here at Google," he says.
Bringing smartphones to work
Another new option, from RSA, the security division of EMC (EMC) and creator of the widely used SecurID hardware tokens, is risk-based authentication.
This technology sifts through masses of user data from various groups at a company to establish "normal" behavior, then assigns risk scores to each user. If an employee does something unusual, like log in from a new location, use a different computer, or try to access a system other than his or her usual, the risk score will increase, and the employee may be asked to provide additional authentication, for example by verifying his or her identity over the phone.
Many people expect the security landscape to change rapidly as more and more employees bring their own smartphones and other devices to work. While the proliferation of individual devices is often seen as a security threat, some analysts suggest that mobile devices can improve security by making it easier to use biometric authentication. Most mobile devices feature a microphone and camera, and can pinpoint an employee's location as well.
"We think that biometric authentication is going to be significantly more popular, and the driver and enabler of this is mobile computing," says Ant Allan, research vice president at Gartner.
He explains that for large enterprises, installing new hardware for each employee can be very expensive, thus a system that draws on commonly owned personal devices has clear economic advantages. Moreover, employees with mobile devices are likely to find a fingerprint reader much easier to use than remembering and typing passwords.
Use your brainwaves
Other developers of groundbreaking security tools include Agnitio of Madrid, which makes voice-recognition software used in law enforcement. The company has developed a system that allows workers to log in by speaking a simple phrase.
London-based PixelPin, meanwhile, wants to replace passwords with pictures. Choose a picture of your spouse, for example, and log in by clicking on four parts of her face in a sequence you've memorized. A photo is easier for people to remember than a text password, and harder for others to replicate, says company co-founder Geoff Anderson.
And, looking further into the future, researchers at the University of California, Berkeley, are studying the use of brain waves as authentication. Test subjects in the research wore a headset that measured their brain-wave signals as they imagined performing a particular task, and the researchers were able to distinguish between different people with 99% accuracy. In theory, an imagined task like this could become a worker's "passthought."
Most experts expect companies to use a variety of different measures. Saratoga Hospital, in Saratoga Springs, N.Y., for example, uses fingerprint readers as a more secure alternative to passwords. But while they've solved many of the hospital's security problems, the print readers don't work for everyone. A few elderly volunteer workers struggle to hold their hand still, and the readers don't work when people are wearing gloves, or when their hands are too dry, says Gary Moon, security analyst at the hospital. Some employees also have refused to hand over their prints.
As a result, Moon says, the hospital is still using passwords as a backup security system.
"There really isn't any 'one size fits all' in authentication," says Vance Bjorn, founder of DigitalPersona. in Redwood City, Calif., which supplied the fingerprint readers to Saratoga Hospital. Companies need access to a combination of different technologies, Bjorn says.
"One technology solves certain problems, but it might not be the right mix of security, convenience, cost and ease of deployment for everyone."
More from The Wall Street Journal:
i'm getting sick of all this new technology! more crap to break down and more cost and more junk
we really don't need to survive! people buying new phones ipads notebooks ever six months to
a year are morons! what a racket all these companies have going! it's like buying a tv every six
months cause they came out with a new one! STUPID!
Not too long ago, one of my students, named Peter, told me a story that captures rather nicely our society's misguided efforts to deal with dishonesty. One day, Peter locked himself out of his house. After a spell, the locksmith pulled up in his truck and picked the lock in about a minute.
"I was amazed at how quickly and easily this guy was able to open the door," Peter said. The locksmith told him that locks are on doors only to keep honest people honest. One percent of people will always be honest and never steal. Another 1% will always be dishonest and always try to pick your lock and steal your television; locks won't do much to protect you from the hardened thieves, who can get into your house if they really want to. The purpose of locks, the locksmith said, is to protect you from the 98% of mostly honest people who might be tempted to try your door if it had no lock.
I am not a religious nut, haven't been to church in years. However, in the Bible, Revelations chapter 13 verses 16-18, reference is made to the mark of the beast, and that no one can buy or sell without this mark. All of this sounds too much like that. We went from cash, to checks, to cards with pin numbers, to passwords, to fingerprints, to voice recognition, to..... well let's just say that if every person were to receive a permanent "mark" (maybe "chip") on their right hand, (or on their forehead for either convenience or if someone is "right-handed challenged"), this would be the only way to buy or sell. You go to Walmart you don't bring cash, check, credit card, debit card, pin number, password, nothing. Just talk to (scan) the hand....
And he causes all, the small and the great, and the rich and the poor, and the free men and the slaves, to be given a mark on their right hand or on their forehead, and he provides that no one will be able to buy or to sell, except the one who has the mark, either the name of the beast or the number of his name. Here is wisdom. Let him who has understanding calculate the number of the beast, for the number is that of a man; and his number is six hundred and sixty-six.
This is all just another stepping stone toward the mark of the beast mentioned in Revelation 13:6-8 where people will not be able to buy or sell without it.
The End Times are definitely here. They will be ushered in by reason of fear and convenience. There is nothing wrong with current passwords, but we are being made to fear that there could be bad things up ahead if we don't conform to the new way of doing things. Fear makes people think we need some new measure to protect us.
The other factor is convenience - people always want what is trendy, easier, etc. So on the one hand, we'll be made to believe and fear we really need all of these new security measures to keep us safe. On the other hand, people will want to have the latest and most hip stuff, they'll want to do what is easiest, and they'll want to be able to impress others. This is how the End Times are going to be ushered in.
Folks, put your hope and trust in Jesus Christ. The government is not going to save you and take care of you.
Copyright © 2013 Microsoft. All rights reserved.
Start investing in technology companies with help from financial writers and experts who know the industry best. Learn what to look for in a technology company to make the right investment decisions.
It may sound trivial, but the on-demand video company is selling used content at an unsustainably low price.
VIDEO ON MSN MONEY