Passwords are passé

From username/password to BYOI

It’s hard to imagine an idea more inane than passwords. That we protect many of the most important aspects of our lives with little more than a short string of text is an extreme absurdity.
What’s so bad about passwords? Well, to start with, any decent password is either nearly impossible to remember or too long to deal with.
Take the “industry standard” recommendations of at least eight characters, with at least one uppercase letter, one lowercase letter, one number, and one symbol. But don’t use a common name—oh, never that!—nor the names of anyone you’ve ever met or have been related to in the past 50 years. And don’t be so stupid as to substitute a 3 for an E, or a 0 for an O, since we’re told that all the attack tools can figure that out. Instead, pick something random, with no relation to you, add numbers and symbols, and then remember it for a mere 90 days before you’re forced to change it to something else with no relation to any other password ever used in that system. (They check for those sorts of things.)
One key principle guides users when it comes to security: The more you impede a user’s ability to do something, the more likely that user is to circumvent security measures.
What about biometrics? Fingerprint readers are cheap, smartphones include facial recognition for unlocking, and the resolution of smartphone cameras is high enough to support iris scans. To me, biometric authentication is a disruptive innovation that helps create a new market and value network, and eventually goes on to disrupt an existing market and value network (over a few years or decades), displacing an earlier technology. Why? Because biometric authentication will improve a product or service in ways that the security market does not expect, typically first by designing for a different set of consumers in the new market and later by lowering prices in the existing market. Users don’t really need to do anything to use biometric authentication. There’s no carrier lock-in, paperwork, or other obstacles to using it. Biometric authentication has the potential to reduce identity theft at no additional cost to consumers, tackling a real-world problem without sacrificing the convenience of the user experience.
Here’s my suspicion: BYOD will lead into that new era, true user-controllable BYOI — bring-your-own-identity — which will become a more viable option in all kinds of settings of security, privacy and usability, for the customer, the enterprise and society.
