Think about it: How many times a day do you input a password? You unlock your phone in the morning to check the weather, then you might type in another password to view your bank balance. You stop for coffee and pay with a debit card (PIN), and at work, you have a password for your computer and another one for your e-mail account.
You get the idea. According to Regina Dungan, head of special projects at Motorola, the average person enters a password 39 times a day, some up to 100 times a day. The problem is that users, faced with remembering dozens of passwords, often resort to a simple password that they use for several different accounts. SplashData, a California company that produces password management software, releases an annual list of the most commonly used passcodes on the Internet. For 2013, "Password" was the second most popular security phrase, right behind "123456" and just ahead of "1234567," "letmein" and "abc123."
Clearly, many users aren't taking their information security as seriously as they should be. If a hacker figures out your password, they can wreak havoc on your finances. The importance of strong passwords was driven home recently when hackers broke into the crowd-funding website Kickstarter and made off with usernames, e-mail addresses, mailing addresses, phone numbers and passwords. The passwords were encrypted, but hackers can break the code - and those with the weakest passwords are the most vulnerable.
The Changing Face of User Authentication
These kinds of breaches have companies scrambling for futuristic alternatives to passwords, including things like electronic tattoos and password pills that emit a signal when they hit your gastric juices. Some popular trends are:
The iPhone 5S has an optional fingerprint reader call Touch ID. If someone snatches your iPhone, they wouldn't be able to use the phone, or discover your passwords, unless they also stole one of your fingers. Fingerprint technology is already employed on other devices, including some laptops, and its popular with many smartphones sold in Japan and the South Asian market.
Apple hasn't introduced facial recognition security yet, but Android has a feature called Face Unlock. There are also two apps that use facial recognition to keep information secure. FastAccess Anywhere, available for Android, Apple and Windows PC, and FaceCrypt, available for Apple products, store an image of your face. When you want access to a protected Web site or an online vault containing your passwords, you look into the phone camera and the app unlocks your data if your mug matches the stored image.
You may have already used a different a form of face recognition. If you sign into Facebook from an unknown computer, the site asks you to identify several of your friends. While it might be easy for a hacker in Nigeria to find out the answer to some security questions - such as your mother's maiden name - it would be much harder for him to put a name to the faces of your friends.
Voice and Device Recognition
U.S. Bank, acknowledging that its customers are tired of the "interrogation process" involving passwords, PINs and security questions, is testing out some voice-recognition biometrics that would allow you to speak a phrase to access your credit card account on a mobile device. Another kind of sound security is Google's SlickLogin, which allows you to simply place your phone next to your computer, where they have a faint, tone-based conversation before granting access. LaunchKey software also requires multiple levels of authentication, such as a PIN combined with the ability to pair devices or to set geographic limits on logins.
Motorola is working on that computer-chip pill, which, when perfected, would "authenticate you" into your car, computer or front door. Motorola is also working on a patch with embedded sensors that you would wear on your skin for a week or so. Researchers call it an "electronic tattoo."
Strengthen Your Current Security
If you're not quite ready for biometric technology, you can still fall back on those old-fashioned passwords. Here are some tips for making them stronger:
- Use nonsensical passphrases connected by underscores or random characters. "Soap_saber_radio" will be more effective than "Let_Me_In."
- Don't use the name of the website or product you are trying to access in your password.
- Don't use the same passwords for different websites or services.
- Use a password manager application. Products like SplashID Safe, 1Password and LastPass organize and protect passwords or can automatically log you into some sites.
"Google's Motorola May Give You Tattoo or Vitamin Password," Forbes, June 5, 2013, TJ McCue, http://www.forbes.com/sites/tjmccue/2013/06/05/googles-motorola-may-give-you-tattoo-or-vitamin-password/
"Crowd-funding site Kickstarter hacked; CEO urges password changes," CNN, Feb. 16, 2014, Sho Wills, http://www.cnn.com/2014/02/15/us/kickstarter-site-hacked/
"Kickstarter hacked, user data stolen," CNET News, Feb. 15, 2014, http://news.cnet.com/8301-1009_3-57618976-83/kickstarter-hacked-user-data-stolen/
""Password" unseated by "123456" on SplashData's annual "Worst Passwords" list," Splashdata.com, http://splashdata.com/press/worstpasswords2013.htm
"iPhone 5S fingerprint sensor: The end of passwords?," CNET.com, Sept. 10, 2013, Zack Whittaker, http://news.cnet.com/8301-1035_3-57602126-94/iphone-5s-fingerprint-sensor-the-end-of-passwords/
"The iPhone 5s's Fingerprint Scanner Was Hacked, but I'm Not Worried," New York Times, Sept. 26, 2013, David Pogue, http://pogue.blogs.nytimes.com/2013/09/26/the-iphone-5ss-fingerprint-scanner-was-hacked-but-im-not-worried/
"How to use facial recognition on your iPhone," CNET.com, Dec. 20, 2013, Lance Whitney, http://news.cnet.com/8301-13579_3-57616147-37/how-to-use-facial-recognition-on-your-iphone/
"U.S. Bank Pilots Voice Biometrics As Secure Way To Access Card Accounts," Bank Systems and Technology, Feb. 21, 2014, Kathy Burger, http://www.banktech.com/architecture-infrastructure/us-bank-pilots-voice-biometrics-as-secur/240166109
"Google Wants to Protect Your Password with Sound," Time, Feb. 18, 2014, Doug Aamoth, http://techland.time.com/2014/02/18/google-wants-to-protect-your-password-with-sound/
"The Secret to Password Security Could Lie in Your Social Network," Mashable, Feb. 20, 2014, Rebecca Hiscott, http://mashable.com/2014/02/20/password-social-network-authentication/
"Sick of Typing Passwords? Get an Electronic Tattoo or Ingest a Pill," ABC News, May 31, 2013, Joanna Stern, http://abcnews.go.com/blogs/technology/2013/05/sick-of-typing-passwords-get-an-electronic-tattoo-or-ingest-a-pill/