Passwords can sometimes feel like an invention designed to frustrate us when we forget them. If we’re not being told our password isn’t strong enough, then we’re in despair after finding our passwords stolen in yet another data breach.
Password security can feel like a never-ending battle, but fortunately for us, certain people are putting their minds to the problem and working to make our lives more comfortable and secure.
1. Brainprints, the Ultimate Password
For nearly half a century, biometric identification has been a staple of sci-fi and action movies. In these fictional worlds, someone only needs to glance at an iris-scanner or place their fingerprint to be identified. In recent years, real-world tech has begun to catch up with the movies, and now even most smartphones come with a fingerprint sensor.
Security firms are keen to market biometric identification as a “password-killer,” but that leaves out that biometrics introduce several other security problems. However, if researchers have their way, we may soon find ourselves logging into accounts with the most secure identifier of all—our minds.
In 2015, a team of researchers at Binghamton University found that by using an EEG to measure a participant’s response to a string of text, they could create a personal brainprint. This brainprint was unique to each person and could be used to reliably and accurately identify a specific individual, even up to six months later.
The original 2015 study had an accuracy of 82 to 97 percent, but further research has shown that this figure can increase up to an astonishing 100 percent accuracy.
This is made all the more impressive as they added another layer of complexity by incorporating images alongside text to form the brainprint. While you may not be strapping yourself up to an EEG to log into your online banking any time soon, brainprinting may be the next technology to make the leap from science fiction to reality.
2. Password in Your Pocket With Pico
Biometrics may play a part in a password-less future, but mass adoption is a challenge because of the risk of it turning into a sci-fi dystopia.
You’ve probably even seen this in action when setting up your phone’s fingerprint reader—having to register for each service is not only a hassle, but increases the risk if one of those services is ever compromised. And it’s not as though you can easily replace your fingerprint.
This problem hasn’t gone unnoticed, especially by researchers at the University of Cambridge Computer Laboratory led by Frank Stajano. They have been developing an authentication device small enough to fit in your pocket called Pico.
Stajano first pitched the concept in a 2011 paper titled “Pico: No more passwords!”. In the years since, the Pico has moved from theory to reality. In 2017, the device was trialed as an alternative login for the website Gyazo.
Carrying a hardware device with you isn’t a radical new concept (it is, after all, a cornerstone of two-factor authentication), but the Pico does have a unique selling point. Rather than complementing the password, the Pico hopes to eliminate passwords entirely.
However, as explored in their 2017 paper, interoperability and adoption are challenging problems to overcome. If adoption is one of the most significant hurdles, then why not use a device everyone already has with them: their smartphones?
3. Yoti, the Mobile ID System to Replace Passwords
That’s precisely what the UK-based Yoti plans to do. According to their website, they are “on a mission to become the world’s trusted identity platform” with their mobile-based ID system. Download the app, enter your details and government-issued ID, alongside a selfie, and Yoti will verify your identity.
Your identity is encrypted and accessed only through their app. If a business needs to confirm who you are, it’s as simple as scanning a QR code. In early 2018, Yoti raised an additional £8 million ($10.7 million) of funding, which they expect to use to reach two million users by the end of the year.
The Man Who Stands Watch for Password Leaks
Barely a day goes by without some app or website being hacked. It’s concerning that these organizations seem unable to protect themselves, but more worryingly, they aren’t able to protect your data.
Recent high profile examples include Dropbox, Uber, and Yahoo. Assuming that you avoided those, then you may have been caught up in the public dump of 560 million passwords. If you’re overwhelmed by the seemingly constant onslaught of password breaches, you aren’t alone—security researcher Troy Hunt feels the same.
In 2013, Hunt launched his website Have I Been Pwned (HIBP), which was developed in his spare time while working for a pharmaceutical company. The site has a searchable database of over half a billion passwords from breaches dating back to 2011.
If you think you may have been affected, all you need to do is search for your email address. If it appears in any compromised data, the site will tell you which breaches it was found in. You can even subscribe to notifications if it appears in any future leaks.
Less than two years later, Hunt left Pfizer and began to focus on his blog and HIBP full-time. As it’s now so commonplace, HIBP is one of the best sites to check if your accounts have been hacked.
The fact that HIBP is entirely free to use, with no data harvesting, adds to Hunt’s credibility. That’s alongside his now well-established blog, which attracts more than 20,000 unique visitors per day (buy him a coffee if you want to thank him).
How to Keep Your Passwords Secure Until Then
The data breaches of recent years have highlighted how inadequate passwords are for keeping us secure in the modern age. They might not be going away any time soon, but there are reasons to be optimistic.
Pico and Yoti are making inroads to removing passwords altogether, although it may be a while before you can start using brainprints anywhere. For the time being, HIBP recently announced a partnership with 1Password to help you choose better passwords and up your security.
Although these advances will make you more secure in the long run, there are several ways to improve your passwords right now.
You should make sure you aren’t making any common password mistakes. Instead, focus on creating strong and unforgettable passwords. Better yet, start using a password manager! Password managers are the most secure option, period.
We all have to share passwords with friends and family from time to time. Rather than noting them down on bits of paper, read about how to safely share your passwords. Also, regularly updating your personal passwords will statistically keep you safer.
Image Credit: garloon/Depositphotos