With the internet now an indispensable part of life, passwords have become an unavoidable dilemma. As more and more facilities come online, each one demands a different kind of password, with its own rules on length and strength. Some require a special character, others want a CAPITAL letter, and others may want you to do a back flip as well. The odd part about passwords is that not many people seem to have invested their time, money and resources into investigating what the alternatives to passwords could be. Some services offer to remember your passwords while others offer to fill them into your web forms automatically, but this doesn't really solve the problem of passwords.
With two-factor authentication becoming more popular, passwords have to share their space of glory with other authentication tokens or methods. Two-factor authentication pairs “something you know” with “something you have” and allows you to sign in only when both match.
Using audio and visual means to authenticate is becoming more and more popular across the internet. Services like Clef provide a system in which your phone’s camera is used to match an image in your phone app with an image on the login screen of your website. This image match authenticates you and allows you to log in. It's something like how a bar code is read by a scanner and the entry is automatically filled in. Illiri goes a step further by transmitting passwords in audio form.
A lot of websites with sensitive information send a second password, or One Time Password (OTP), to your email or to your mobile phone by SMS. This acts as a second layer of security to establish your identity. You then have to enter the exact same character string into your login box along with or after entering your password. Banks use this to authenticate high-value transactions and also before you make important changes to your account profile. The limitation of this system is that you need mobile phone connectivity or access to your email at the moment you want to make the transaction. This can be quite a limiting factor if you are travelling. Some banks also provide phone apps that generate the number on the phone rather than sending the OTP by SMS. However, this system can be easily fooled if the impersonator has your password and mobile phone or email access.
Another way of replacing passwords is to use certain unique elements of the human body. Modern biometrics use fingerprints, retina scans and even face recognition to help you authenticate even if you suffer from memory loss. Increased reliance on biometrics is visible from the integration of a fingerprint scanner in iPhones and the launch of many home laptops with face recognition and fingerprint readers. Although biometrics are somewhat unique, they are not foolproof and can also be inconvenient. Hence, all devices which come with biometrics also have an alternate password or PIN option to authenticate.
Banks use physical tokens or “dongles” which generate a random number that must be entered along with the password at the time of authentication. This replaces the OTP, to ensure that no middle-man or interceptor can steal your OTP while the bank is sending it by SMS or email. Physical tokens have a high chance of being lost or forgotten. Further, they may be reverse engineered and misused by hackers.
It is famously said that “security and convenience are inversely proportional”. This means that the more security you have, the less convenient it is, and the more conveniences you have, the less secure they make you. True to this, no matter what security measures we try to implement, the human element will be the weakest link in the chain of security.