Do Passwords Have a Place in the Future?

Update: Since this original post the Samsung S8 has been released and is fully loaded with the latest biometric authentication features – finger print, iris and facial recognition – oh my! What does this mean in the greater scheme of things? Passwords as we know it are going extinct! Whereas a loved one or planning professional could once assume access (albeit often not in a legally viable fashion) to accounts via passwords – we are getting closer and closer to a time when that will no longer be the case.  The registration and management of these accounts is becoming ever more complex, and yet it is imperative that these digital assets are included for the complete fulfillment of an account holders final wishes. This serves as a reminder that there are growing reasons for attorneys and their clients to maintain a knowledge grasp around the developments affecting their digital accounts. 

________________________________________

What if we told you that just a few years from now password usage might be nearly obsolete? You might say – “that’s ridiculous”, and in fact you wouldn’t be completely off base.  However, there have been massive changes in the way authentication methods are implemented and activated on the user’s end. While these alternatives aren’t the holy grail of substitutions and alternatives will continue to evolve – they are opening the gateway for a very different and interesting future both on and offline and it’s imperative that attorneys stay tuned. 

The Status of Passwords Currently

While it’s probably next to impossible to determine exactly how many passwords are out there trailing access to accounts in the cyber world and beyond, there are reports that an estimated 300 billion passwords will be active by 2020.  Considering that the two most commonly used methods of keeping track of passwords is memorization and writing them down – not exactly the most sustainable methods – this is a fair incentive to keep an eye on what’s coming to replace them.

Are Passwords Becoming Outdated?

The security issues with the use of passwords isn’t exactly “news”, but these problems are pushing the next wave of cyber security evolution and it’s worth monitoring the transformation.  There’s some pretty incredible potential for authorization technology that brings star trek first generation to life in a very real way; although we can probably be rest assured that dematerializing transportation is not a thing of the near future…at least not the very near future.

There are plenty of existing password use alternatives or methods of layering up the security:

    • Auto-sign ins: browser’s password memory is one widely used methodology.  But, of course – the biggest security issue there is when your device gets lost or stolen and said thief or fortunate and immoral wanderer suddenly has access to your accounts.
  • Multi-factor Authentication: systems that use multiple sources of evidence for authentication, typically a password or piece of knowledge paired with a physical component also – like a bank machine that asks for a PIN and insertion of the card itself.
  • Browser extensions: Some tools like Buffer, and our Portfolio Plus extension allow you to utilize the platform directly from your browser when needed online without having to login each time. The DCS Portfolio Plus is unique in that it enables people to capture all of their digital assets in one place without having to store any passwords – enabling the user to assign directives unique to each account, that may or may not grant access to their fiduciary.
  • Magic Keys & SMS Codes: several services are enabling alternatives to password use incase forgotten.  A solid example of this is when an account allows us to have a code sent as a text to the phone number assigned to the account. The popular messaging service Slack allows you to get a “magic sign-in link” that you can use for access instead of having to remember your password.
  • Biometrics: the validation of a user by a system using that person’s biologically unique characteristics, such as fingerprints or facial features.

Our Bodies are Molding the Future of Authorization Technology

Probably the most anticipated and fascinating evolution in alternatives to passwords is the use of biometric technologies in the place of password use.  Although biometric technology for the use of authorization has been ‘in vogue’ for some time now, only recently – with the advant of use in mainstream consumer technologies – has it really seen widespread adoption and user acceptance.

Previously, these technologies haven’t been able to gain much traction due to problems ingrained in the way the mechanics themselves were applied. For example, when facial recognition technologies were beginning to gain traction in 2005 – these machines could be fooled by simply holding an image of the authority face at a particular distance to the camera.  This problem was fixed with the implementation of life tracking that would enable the machine to track minor movements in the face to detect live presence. However, this too could be fooled by presenting the camera with a video clip of the individual. 

Today of course, we have a much different picture with incredibly fine tuned devices that can read various aspects of our biological characteristics that uniquely identify us. One of the most recent incorporations into these technologies is the use of an individual’s heartbeat to prove authenticity of access to various systems. While we’re all aware that heart rate monitoring has been around for some time and embedded in our devices, what a lot of us aren’t aware of is that we each have our own unique heart rhythm that is incredibly difficult to replicate. This information is propelling companies like Apple to drive forward with the development of device features that will enable the use of a user’s heart rate as an alternative to the use of their password to unlock their device.

We can’t help but think of the futurist Ray Kurzweil’s discussion on the exponential growth and evolution of technology.  To think, it was only just in 2007 that the first mobile phone with fingerprint recognition – the Toshiba G500 – was released and then improved and made popular by Apple in 2013 with the release of their iPhone5S.  Now, in 2017 we’re monitoring heart rates for identification.

Security of Biometrics

While there are plenty of obvious and not so obvious benefits to the use of biometrics in identity recognition tools, there are still enough reasons to be somewhat wary.  Although your heart rate, iris or fingerprint are indeed uniquely yours and incredibly difficult (if not near impossible) to replicate – there are nonetheless issues.  Madhumita Murgia of the Financial Times, suggests a pretty pungent concern about the theft of your biometric data: “once stolen, you’ve lost it forever and you can never replace your face or your heartbeat.”

Researchers out of IBM Singapore and Michigan State University are also concerned with biometrics use as an alternative to passwords. They warn that despite the biological uniqueness of some traits – it’s not universally unique in all cases; for example, identical twins can share some of these traits and thus lack distinctness. In addition there’s a lack of secrecy, after all with the plethora of social media accounts alone our faces are easily traceable.  For these reasons, these researchers suggest that actually a multi-factor authentication system that uses biometrics along with more traditional methods might be a better and more sustainable approach.

A Look to the Future

Whether we’re faced with the fear of cyborgs that replicate our biological identity or not, it’s clear that we’re in a moment in history where the use of passwords in a traditional text based sense is seeing massive transformations.  Users of digital accounts and other authentication systems both on and offline need to be aware of the many methods now available to them for keeping their information secure.  On the flip side, companies presenting people with the use of services that require authentication of some kind, especially highly sensitive services – like the management of finances or estates – have a duty to provide secure methods for users to feel protected – ever more so with the imminence and ever increasing integration of the Internet of Things.