• Michael Weeding

Your filthy finger is another reason why passwords are not secure.


If you are seeing more and more security features being enabled across your commonly used applications and are wondering who is to blame for this new inconvenience then you only need to look around. The weakest link in security is most commonly the user and the features being enabled has been put there as it commonly agreed amongst security experts that the password on its own no longer provides effective protection.

It is not hard to work out why, passwords are inconvenient and many people just do not remember them. So what do they do? They use the same password for everything or use easy to remember passwords. In a recent Ofcom’s study out of the UK they found 55% of adult internet users use the same password, while 26% say they tend to use easy to remember passwords such as birthdays or names, potentially opening themselves to account hacking.

These are the most common but what about the less obvious issues such as “smudge attacks”. With touchscreens being more commonly used you may not be aware that you are leaving a trail of your most commonly used actions across your screen that is easily recovered. Researchers from the University of Pennsylvania found that in most cases full or partial pattern recovery is possible even with smudge noise such as the screen coming into contact with clothing or actually being wiped clean.

So if you are using a pattern as a way to unlock your Smartphone or a passcode that does not contain repetitive use of the same number as part of the combination it may not as secure as you think, even more so if your finger has come into contact with oily foods such as a bag of chips.

The more you look the more you realise that it is critical that we move towards a world that relies less on the use of passwords. So if we move away from passwords it is important that new solutions are more secure and more convenient for the user, we can easily add new layers of security but if they cause inconvenience regular users potentially may stop using your application.

Biometrics is one area where there is a lot of work being done to identify new ways to remove the reliance on the password. Samsung has used facial recognition as a way to unlock their phones since the launch of the Galaxy S3 last year however it is not effective as a photograph as this is all you need to activate the “Face Unlock”. The rumours point to the fact that Apple will introduce a fingerprint scanner to replace the lock button in the next iPhone release and Google will introduce an ID ring where a chip will be placed in an item of jewellery that all will potentially be used in the future to confirm your identity.

Whether you like this idea or not, you will have to accept that solutions such as these will become more common in the coming years as consumer demand more convenience over and above the use of the basic password. It is important for organisations to start planning for this now with the priority being on the concerns that users will have over the storage of this type of information. Verification using a finger or voice print over alphanumeric characters is going to be a little worrying for people concerned over privacy and I think that this potentially will become one of the hottest topics of debate centred on any new password solutions that are introduced into the future.

So I guess for now all eyes, or should I say fingerprints will be focused on the release of the iPhone 5S.

#Security #Authentication