Passwords have long been one of the weak links in security. Individuals often choose poor passwords that are easy to break, re-use the same passwords at multiple - if not all - of their sites. And if they’re not written down, they’re forgotten. For their part, enterprises and tech companies do awful jobs at implementing passwords. They are often stolen from sites and counted in the thousands, tens of thousands, or millions.
For example, it was discovered earlier this month just how dangerously Google Chrome lives with passwords. Users who use Google Chrome to save and sync passwords for simplified access to their favorite websites are vulnerable to unauthorized access to their system - and someone could then look at or copy all the the passwords stored in the browser. The attributes for each site include web address, username, and password.
Perhaps technology like that in Apple’s iPhone 5S will help. The phone is widely rumored to ship with a fingerprint sensor embedded into the home button of the device. The fingerprint reader will be reportedly based on technology Apple acquired in 2012 when it bought biometric security hardware maker AuthenTec.
Industry analysts suspect the additional layer of phone authentication (beyond the PIN) will help Apple enter secure mobile payments and provide for more secure access to its iCloud and iTunes services.
I hope it goes further than that, and helps pave the way for stronger two-factor authentication that can be leveraged to access all online services - from social media to banking. Perhaps even as a form of two-factor authentication that can be used for business. Though that may be some time away, and consumer cloud services would be a great way to start.
Certainly Apple won’t be the only mobile phone maker to incorporate biometrics in their devices. It’s rumored that the HTC One Max (which itself is still only rumored to exist) may contain a fingerprint sensor.
While the demise of passwords will be slow if and when it does ever happen, it appears that the ubiquity of smart phones and their ability to authenticate users with biometrics will play a role in that demise.
Will this prove to be a security panacea? Of course not, but it may reduce many of the hassles with have to live with today associated with passwords - such as password reuse, or forgetting them because we have dozens, if not hundreds, to memorize.