Password could be a pain, particularly when you have multiple web sites to access many sites. The consumer complains that passwords are fast becoming a psychological burden – an albatross that weighs down the person with too much data dumped in the head that’s hard to decipher. And apparently one can sense discomfort and disconnect. It’s like having too many keys to open one room and woefully, you can’t pick out the right one which will unlock. And the real hassle is when password is forgotten and the allowed number of ‘attempts’ gets exhausted, the system locks, leaving you stranded but the chore running back and forth with the back-office executive walking-through the password retrieval process leaves you fuming ‘is technology a boon or bane’. Anything will have its downside – including technology. You might want to have a turnkey system that does the trick and get you going.
Password, PIN and Breach
Recent times have witnessed worst security breaches because of weak passwords. How private information lands in the public domain makes it a necessity to ensure that safety mechanism are in place and hence stronger password. But too many passwords? Why? Google has single sign-on to access all its application. Why can’t life be simpler? Or are we complicating in the name of security? The easy way out would be to have one password for all sites so that you really don’t squeeze hard your memory like sifting sand from grains. If it makes your life easier, then think about the breach and there it goes – with one key all of yours is ‘gone for good’. It was this paradox that actually turned out to be the problem statement. Single-point of entry is swift but so would be the theft. In this era of technology, and digitalization, all access points are fortified through authentication. Multi-tier security system or secured transaction or secured authentication service. Still, we are not done with the password for an alternate method that’s more convenient and confident. Almost everyone with digital experience would have yearned for that day they could dispense with password or PIN (Personal Identification Number) which earlier was recommended to be bolstered from breach by creating an alpha-numeric string with a heady mix of special characters to safeguard from sabotage, and now some institutions like Banks make the usage of special characters mandatory visualizing that invincible predator preying on vulnerable victims, and soon emerged phishing as one the worst attack on data integrity. With reputation in ruins, name in tatters and business rocked in its very foundation, damage control and image building exercises not only resulted in spiraling costs with a dent on the bottom-line, but kept the stakeholders on tenterhooks. So it would, by no stretch of imagination, become too much to bear for all the stakeholders and so far the necessity of the hour and lack of alternative left the end-user with no choice but coin the Password or PIN as complex as possible and remember it for good and retrieve on-demand. Further, it was strongly discouraged in storing the information in hard or soft copies, and science dealing with encryption and decryption made it even more mystique and technology related to secured socket layer took over.
Abacus – the painkiller?
It is possible to solve every puzzle? At least, for the password related problem Google believes it can achieve a breakthrough by getting rid of the stiff impositions of barriers – NO PASSWORD.
How in the world would you access your information whether it’s an email or your bank account? Google assures that there is a ‘fix’ and will test with bank first and based on its success, offer for others. Dan Kaufman, Head of advanced technology and projects at Google, commented at the company’s I/O developer conference “We have a phone, and these phones have all these sensors in them. Why couldn't it just know who I was, so I don't need a password? I should just be able to work,"
How does it work?
The technology uses biometric data and supporting information to identify and authenticate access. It uses Trust API to determine ‘trust score’ by employing and engaging different parameters like facial recognition, location, typing styles to ascertain the identity of the user. To access sensitive information, the ‘trust score’ should be high, and that’s the reason the testing begins with a financial institution. The higher the score, clearer is the identification and access provided, else, denied. Interestingly, Kaufman, has this to say about authentication "What we're going to do with this is be able to get rid of the awkwardness of second-factor authentication," Google assured to introduce this ‘password-free’ feature to every android developer by this year-end.
Is there a Precedent for ‘No-Password’?
The answer is in the affirmative. Yes. Let’s not take away the shine off Abacus and assess on its own merit. Scandinavians will be familiar with this concept of logging into their bank accounts using behavioral biometrics and not a password. The password is queried only when the usual signs and symptoms fail to be detected and is treated as a legitimate case in validating the customer identification . In Norway and Sweden, major banks employ BankID for doing daily banking transaction to booking tickets or applying loan or paying taxes online. It was estimated that by 2014, BankID is used by over 3 million Norwegians (over 75% of the adult population(pdf). BankID can identify the user through a combination of factors like assessing the way the screen is swiped, the pace at which data is keyed – meaning the pressure with which you punch-in data is critical to analyze and evaluate your identity. It is behavioral science at an advanced level that any change in pattern or shift in style will trigger the system to confirm with a ‘password’ prompt. The system has studies the user to identify as its customer. This is made possible by behavioral biometrics layer of BankID. So Behavioral Biometrics is nothing new; the anticipation is the evolution of technology in this space of biometrics in the context of identity crisis. We may to have wait till the year-end to see what the future unfolds.
Write a Comment
Your email address will not be published. Required fields are marked (*)