Online security, the future goes from biometrics and two-factor authentication

Passwords as we associate them today are destined to disappear within a few years. Here’s how we will authenticate online in the future

Continued hacker attacks and massive credential theft have shown not only that there is still much work to be done on cyber security, but also that Passwords can not be the only tool to protect our personal data . Despite the tricks and measures that can be taken to create secure passwords, our personal profiles – and the data contained therein – are always at risk hacker attack: most of the password thefts are the result of flaws at the manager’s database level service (see, for example, the cases Yahoo! and Twitter). Choose one secure password , as one passphrase , made with numbers, letters and symbols is a good security option but may not be enough.

A problem that has been tried to face by preparing alternative methods of identification to passwords. On smartphones (and, slowly, even on laptops) have been adopted various biometric technologies : the fingerprint smartphone is now mounted on the vast majority of smartphones on the market, while facial recognition begins to peep into high-end and mid-high-end devices (even on computers, thanks to Windows Hello ).

Hacker credential theft

For this reason, and dozens of others, the password future it seems to be darker than ever. According to many IT security experts, in the short term the access keys will definitively give way to biometrics, but it will not necessarily be fingerprints, or our physical features, to be used to unlock smartphones, PCs or access e-mails. Some studies, for example, show how to use the heartbeat as a password, while on other occasions it might be enough

Wearable and heartbeat

Nowadays many people wear of fitness tracker or wearable for health that constantly monitor the heartbeat. This data can easily be reused as access key to online services or for payments. Specifically, the heartbeat of our heart will soon be used to unlock smartphones, access social networks and even to open doors and lockers in the office or at the gym . At the moment the only problem, certainly not a little weight, is the instability of the heartbeat. During the day due to tiredness, stress or changes in mood, our heart changes its heart rate. And some very accentuated variations could confuse the wearable and not allow us to access online services with our heartbeat.

There is already a wearable smart device on the market which, among its functions, offers the possibility of using the heartbeat as a password . It is called Nymi Band and can be synchronized via Bluetooth or NFC so as to take advantage of the heartbeat detection as a key to access social profiles or unlock system for laptops and smartphones.

Everything can be a password with Pixie

Although not a real alternative to passwords, two-factor authentication It is seen by many as one of the easiest ways to implement to make our accounts more secure. This system involves the use of a second access key, generated randomly by a remote system (and received via SMS) or by apps installed on your smartphone , to access your social profile or e-mail address. For example, if we have to log in to Facebook, a code may also arrive on the smartphone to be inserted beyond the password. Or if we have to enter on Twitter we can receive an e-mail containing a second temporary password.

However, two-factor authentication can work even more physically , as it is trying to demonstrate a group of researchers of the International University of Florida, in the United States. In fact, American scientists are finishing up with Pixie, an alternative to “classic” two-pass verification. With this new system we can use the camera of our smartphone directly to access our profiles on the Net: Pixie allows you to photograph any object and turn it into an access key. Whether it’s a shoe, a fork, a ring or any other accessory does not matter: after having photographed it for the first time to “identify it”, it will be enough to frame it to access our profiles.

The researchers guarantee that in no way will a hacker be able to reproduce that object because Pixie saves every minor detail like a scratch or a stain on an object to make it as little duplicable as possible. In the tests already performed only 0.09% of the authentications were fake . In other words, it was possible to access with a “token” different from the one chosen and saved initially. How will Pixie work on smartphones? Simple, you can install as a simple application and then start to be used. Every image that acts as a password is saved locally in the phone in such a way as not to be put at risk by theft of large databases by hackers.

May 13, 2018

Leave a Comment