Say goodbye to the password

Technology companies are developing alternatives, including built-in fingerprint readers, voice recognition and authentication tokens.

By MSN Money Partner Sep 16, 2013 5:38PM

Smartphone users logs inBy Andrew Blackman, The Wall Street Journal 

Here's the fundamental problem with passwords: They are most effective in protecting a company when they are long, complicated

Wall Street Journal on MSN Money

 and changed frequently. In other words, when employees are least likely to remember them.


As a result, technology companies are rushing to provide solutions that are both more secure and more convenient. Many laptops now come with built-in fingerprint readers. Smartphones and other devices, too, are opening up biometric options such as facial and voice recognition.

Apple (AAPL) last year acquired AuthenTec, a developer of fingerprint-sensor technology, and on Sept. 10 it said its new iPhone will come with a fingerprint sensor. Microsoft (MSFT) says its Windows 8.1 operating system, due out next month, is "optimized for fingerprint-based biometrics." Biometric authentication will be usable more extensively within the system, the company says.  (Microsoft owns MSN Money.)


Google (GOOG), PayPal, Lenovo Group (LNVGF) and others, meanwhile, have come together in an organization known as the FIDO (Fast Identity Online) Alliance, which is aimed at creating industry standards for biometric and other forms of so-called strong authentication.

A new kind of hardware token


Google is also experimenting with a new kind of hardware token, created by Palo Alto, Calif.-based Yubico. Like the traditional hardware tokens that generate random numeric passwords and which companies have used for years, the Yubico devices generate temporary passwords to be used as a second form of authentication.


But instead of having to read the password off the token and retype it, employees can simply plug the token into a USB port or touch it on a mobile device using near-field communication, a technology through which electronic devices communicate by making physical contact.


Google is testing the tokens with employees this year, and plans to offer them to consumers next year as a way of logging into Gmail and other Google accounts more securely.


Mayank Upadhyay, a director of security engineering at Google, says the tokens are easy to use and have strong encryption.


"We believe that by using this token we've raised the standard of security for our employees beyond what was commercially available," he says. The token works with Google's Web browser Chrome, and "works very seamlessly for people in their day-to-day workflow here at Google," he says.

Bringing smartphones to work


Another new option, from RSA, the security division of EMC (EMC) and creator of the widely used SecurID hardware tokens, is risk-based authentication.


This technology sifts through masses of user data from various groups at a company to establish "normal" behavior, then assigns risk scores to each user. If an employee does something unusual, like log in from a new location, use a different computer, or try to access a system other than his or her usual, the risk score will increase, and the employee may be asked to provide additional authentication, for example by verifying his or her identity over the phone.


Many people expect the security landscape to change rapidly as more and more employees bring their own smartphones and other devices to work. While the proliferation of individual devices is often seen as a security threat, some analysts suggest that mobile devices can improve security by making it easier to use biometric authentication. Most mobile devices feature a microphone and camera, and can pinpoint an employee's location as well.


"We think that biometric authentication is going to be significantly more popular, and the driver and enabler of this is mobile computing," says Ant Allan, research vice president at Gartner.


He explains that for large enterprises, installing new hardware for each employee can be very expensive, thus a system that draws on commonly owned personal devices has clear economic advantages. Moreover, employees with mobile devices are likely to find a fingerprint reader much easier to use than remembering and typing passwords.

Use  your brainwaves


Other developers of groundbreaking security tools include Agnitio of Madrid, which makes voice-recognition software used in law enforcement. The company has developed a system that allows workers to log in by speaking a simple phrase.


London-based PixelPin, meanwhile, wants to replace passwords with pictures. Choose a picture of your spouse, for example, and log in by clicking on four parts of her face in a sequence you've memorized. A photo is easier for people to remember than a text password, and harder for others to replicate, says company co-founder Geoff Anderson.


And, looking further into the future, researchers at the University of California, Berkeley, are studying the use of brain waves as authentication. Test subjects in the research wore a headset that measured their brain-wave signals as they imagined performing a particular task, and the researchers were able to distinguish between different people with 99% accuracy. In theory, an imagined task like this could become a worker's "passthought."


Most experts expect companies to use a variety of different measures. Saratoga Hospital, in Saratoga Springs, N.Y., for example, uses fingerprint readers as a more secure alternative to passwords. But while they've solved many of the hospital's security problems, the print readers don't work for everyone. A few elderly volunteer workers struggle to hold their hand still, and the readers don't work when people are wearing gloves, or when their hands are too dry, says Gary Moon, security analyst at the hospital. Some employees also have refused to hand over their prints.


As a result, Moon says, the hospital is still using passwords as a backup security system.


"There really isn't any 'one size fits all' in authentication," says Vance Bjorn, founder of DigitalPersona. in Redwood City, Calif., which supplied the fingerprint readers to Saratoga Hospital. Companies need access to a combination of different technologies, Bjorn says.


"One technology solves certain problems, but it might not be the right mix of security, convenience, cost and ease of deployment for everyone."

More from The Wall Street Journal:

Sep 16, 2013 9:37PM

i'm getting sick of all this new technology! more crap to break down and more cost and more junk

we really don't need to survive! people buying new phones ipads notebooks ever six months to

a year are morons! what a racket all these companies have going! it's like buying a tv every six

months cause they came out with a new one! STUPID!

Sep 16, 2013 7:29PM
When I hear of Various New & Improved Security Measures For Sale an article I read comes to mind..

Not too long ago, one of my students, named Peter, told me a story that captures rather nicely our society's misguided efforts to deal with dishonesty. One day, Peter locked himself out of his house. After a spell, the locksmith pulled up in his truck and picked the lock in about a minute.

"I was amazed at how quickly and easily this guy was able to open the door," Peter said. The locksmith told him that locks are on doors only to keep honest people honest. One percent of people will always be honest and never steal. Another 1% will always be dishonest and always try to pick your lock and steal your television; locks won't do much to protect you from the hardened thieves, who can get into your house if they really want to. The purpose of locks, the locksmith said, is to protect you from the 98% of mostly honest people who might be tempted to try your door if it had no lock.
Sep 16, 2013 8:05PM

I am not a religious nut, haven't been to church in years.  However, in the Bible, Revelations chapter 13 verses 16-18, reference is made to the mark of the beast, and that no one can buy or sell without this mark.  All of this sounds too much like that.  We went from cash, to checks, to cards with pin numbers, to passwords, to fingerprints, to voice recognition, to.....   well let's just say that if every person were to receive a permanent "mark" (maybe "chip") on their right hand, (or on their forehead for either convenience or if someone is "right-handed challenged"), this would be the only way to buy or sell.  You go to Walmart you don't bring cash, check, credit card, debit card, pin number, password, nothing.  Just talk to (scan) the hand....


And he causes all, the small and the great, and the rich and the poor, and the free men and the slaves, to be given a mark on their right hand or on their forehead, and he provides that no one will be able to buy or to sell, except the one who has the mark, either the name of the beast or the number of his name. Here is wisdom. Let him who has understanding calculate the number of the beast, for the number is that of a man; and his number is six hundred and sixty-six.

Sep 16, 2013 10:02PM
Sounds to me like a great way for the NSA to get a fingerprint from every person in the world, kids to the aged. REALLY BAD IDEA!!!
Sep 16, 2013 8:56PM
The Orwellian theory is alive in the USA today. He missed the mark by a few years, but, Big Brother is watching Big Time.
Sep 16, 2013 9:37PM
Passwords have a definite advantage.  If they have been broken, you can change them.  If a crook forges your biometric data, you are out of luck.  The biggest problem with passwords is that unscrupulous people get access to them.  This will not change.  What this will mean is that you can no longer "change the locks."
They can kiss my big white **** if they think i'm giving up my personally chosen passwords. All this tech just makes the NSA drool so they can snoop on us.
Sep 16, 2013 7:39PM
This sounds to much like big brother, fingerprints, chips, but no chips under the skin for identity.  The fingerprints might work, put you can copy a fingerprint.  When the debit card came out it was not popular, but now look.
Sep 16, 2013 8:54PM
If Big brother is constantly getting hacked, How safe is any of us?
Sep 16, 2013 9:28PM
Bad, Bad, Bad idea.  It is just too easy to steal your password or mimic your eyeball and fool these systems.  Passwords, are simpler to change, easier to remember, and when you change it the person trying to get into your system has to start all over again.  Wrong direction all together.
Sep 16, 2013 10:31PM

This is all just another stepping stone toward the mark of the beast mentioned in Revelation 13:6-8 where people will not be able to buy or sell without it.


The End Times are definitely here.  They will be ushered in by reason of fear and convenience.  There is nothing wrong with current passwords, but we are being made to fear that there could be bad things up ahead if we don't conform to the new way of doing things.  Fear makes people think we need some new measure to protect us. 


The other factor is convenience - people always want what is trendy, easier, etc.  So on the one hand, we'll be made to believe and fear we really need all of these new security measures to keep us safe.  On the other hand, people will want to have the latest and most hip stuff, they'll want to do what is easiest, and they'll want to be able to impress others.  This is how the End Times are going to be ushered in.


Folks, put your hope and trust in Jesus Christ.  The government is not going to save you and take care of you.

Sep 16, 2013 9:15PM
right like that is a good idea NOT!!!!!, we are giving up more and more freedom and control. soon we will all be screwed.. lift some ones print with tape and use it to scan in.
Sep 16, 2013 10:05PM
Not a good idea. Passwords can be changed fingerprints, etc. can't. Enough already !!!
Sep 16, 2013 8:55PM
The idea of using a finger print as a password is a very good one, however, there is a major drawback. What happens if you happen to injure that finger and it has to be kept wrapped up at all time times? Or even worse, what do you do if you happen to lose that finger?
Sep 16, 2013 9:50PM
Has anybody consider the consequences and implications should your "biometric identity" be compromised? For as long as the authentication mechanism is conducted electronically, it doesn't really matter whether it is a sequence of keystrokes, a fingerprint, a voice print, or a hologram! 
Sep 16, 2013 9:32PM
Your password doesn't do any good any more. NSA doesn't need it to look at your info. 
Sep 16, 2013 10:21PM
Enough  is enough! . . . . . How about keeping the good old fashion simple password system. It has worked for years.
Sep 16, 2013 7:06PM
The NSA will welcome any new challenges. They are ready to make any attempts at true encryption totally useless. It is for our own good. Chomp! oh that was a piece of my tongue..
Sep 16, 2013 9:33PM
fingerprints aren't the greatest for me. I cleaned the outside of the house with a spray to get off the mildew that builds up on the shady side of the siding.  Not a big spot, took maybe a half hour to scrub and rinse.  I went to the rec center who installed the fingerprint system and all 10 fingers have a problem registering.  I have handprints on file because I used to volunteer there, so we just laughed it off and thought it will heal up, and later I could use it.  It has been months still can't use the system.  So I reverted back to my old card.  Works for me.  My advice?  Wear gloves when using supposedly friendly products. 
Sep 16, 2013 6:41PM
only if you have a touch screen  ,lots of CPU that are not touch
Please help us to maintain a healthy and vibrant community by reporting any illegal or inappropriate behavior. If you believe a message violates theCode of Conductplease use this form to notify the moderators. They will investigate your report and take appropriate action. If necessary, they report all illegal activity to the proper authorities.
100 character limit
Are you sure you want to delete this comment?


Copyright © 2014 Microsoft. All rights reserved.

Fundamental company data and historical chart data provided by Morningstar Inc. Real-time index quotes and delayed quotes supplied by Morningstar Inc. Quotes delayed by up to 15 minutes, except where indicated otherwise. Fund summary, fund performance and dividend data provided by Morningstar Inc. Analyst recommendations provided by Zacks Investment Research. StockScouter data provided by Verus Analytics. IPO data provided by Hoover's Inc. Index membership data provided by Morningstar Inc.


Start investing in technology companies with help from financial writers and experts who know the industry best. Learn what to look for in a technology company to make the right investment decisions.





Quotes delayed at least 15 min