Why are we all still using passwords to pass through software barriers? The obvious answer: passwords sort-of still work, if sufficiently strong and sufficiently long and varied.
Until passwords don't help us, or until we have bad experiences resulting from security attacks that make a mockery of password protections. However, exciting changes could be coming to your world sooner rather than later.
When passwords are hacked, broken, most of the blame for subsequent problems is put on users. Causes could include any and even all the problems below:
- Your passwords are too weak.
- Your passwords are too short.
- Your passwords are too simple.
- You used the same password for more than a single item access.
- Your device has been hacked.
- And so on.
Table of Contents
Nevertheless, Passwords Are Still With Us - I'm Astonished! And Yes, Dismayed
Creating and managing effective passwords is simply too hard for most people, who have lives to live, modern life to deal with, too many distractions, interruptions, and so on.
That's why millions of devices are probably getting broken into, regularly compromised and accessed by people who most likely, do not have your best interests in mind.
To avoid getting hacked, you have to develop some savvy password skills, application, and yes, cultivate some luck.
Moreover, if you're not using passwords at least as complex as the three listed below (a separate one for each service):
- 4%wb6niVD;[email protected]
... then you have my sympathy: I wish you luck.
Yet, today, we should all surely be using passwords at least as complex as those above.
Anything less today, and we're almost certainly asking for trouble.
Ideally today, if you're still using passwords alone, aim for passwords 2 or 3 times as long and equally complex as the three examples suggested above.
Yet how many websites are using antiquated software systems that simply can't handle sufficiently complex passwords?
Even in March 2018, I still come across website login systems that insist your password must be less than 8 or 9 characters: a black-hat hackers dream.
Yet remarkable efforts are focusing on allowing our faces to log in. No passwords needed. Nevertheless, to-date, facial login for websites is still probably not sufficiently strong. So other biometric data is required to fill any security gaps.
Suppliers like Apple seem to have perfected facial log-in for their devices, fingerprint login to devices, and with the latest operating system upgrades, websites too. Remarkable changes are coming faster than expected.
Perhaps Apple have achieved the goal by controlling both the hardware and the software - and of course, the "low-level" firmware, or the software that comes embedded into their custom made electronic chips.
For those that can't yet control all of the elements in the chain, as we bolt on complexity, a key drawback is monster creation: we can end up with a mish-mash of methods and protocols, none of which seems to work properly with each other "partner components".
However, perhaps, not so far away, there's another way, an answer, a solution.
How To Kill Your Passwords - By Breathing On Them
Where are the A-star developers; the world-changers; the technology mavericks?
Yet, there is hope. The winds of security technology changes are blowing ever more keenly.
For me, the time for change is now. The key pieces of this remarkable jigsaw puzzle are forming, emerging into their theatre of operations, or are almost in place as I write this article today.
Though I understand that an entire industry has been set up to service "conventional" passwords, naturally, I think the idea below must surely provide a near perfect, high security way to pass through software security barriers, without the need for:
- Typed passwords (so no more needing to record thousands of passwords, or use weak ones less than 20 characters).
- Fingerprint sensors (not everyone has a "reliable" fingerprint: ask anyone who's work involves physically intensive activities using their hands).
- Drawing a picture, shape, or pattern on a screen with a light-sensitive stylus, or on touch devices, you can even use a finger.
- Speaking a special phrase to voice-print-activated software (hardly secure, and not always suitable).
- Scanning a face - while sometimes robust, if the facial scan is not sufficiently detailed or sensitive, errors can result, especially where people have similar facial features. More detail and greater sensor sensitivity seems to point to a solution of sorts for this method.
However instead, why don't we use the one unique, personal characteristic we all have, that represents our own soverign individual identity: our DNA.
Even better, perhaps there's an easier way to sample our DNA, without:
- Blowing into a bag (breathalyser anyone) until we almost pass out. Or ...
- Using needles.
- Blood samples.
- Requiring body fluids (Yuk), or ...
- Any other bodily invasive procedure.
So how you may reasonably wonder?
Given that we have devices that can already analyse human breath (blood alcohol mix, solving crimes, etc), how long before our devices know who we are simply through using them?
Already, a lot of interest can be found in "breath DNA". You can search on Google.com for "can human breath identify dna?" (without the quotes), to discover, at the time of writing about 11.2 million search results.
For most of us, the most natural, reliable, instinctive human process is the act of breathing.
Technological sampling of our own breath is surely the most efficient DNA key to providing secure access to all of our devices - maybe websites too:
- A method that with the right infrastructure in place, just works.
- A process that requires nothing more of us than to be alive, present, and situated sufficiently close enough to the breath sensor or device.
- Could be made to keep working even when we are asleep, or be made to instantly switch off when we fall asleep. Both scenarios could have benefits, requirements, applications.
How "Breath Door" Devices Could Work
In Brian's new password-free world, to access a locked device is simple after initial quick and easy setup:
- Smart phone: simply pick up your phone and start using your device. Why: your smartphone instantly already knows that you're the authorised user, so for you, all software doors are then opened. For anyone else, those doors instantly close. No passwords involved.
- Apple Mac or PC: likewise, all you need do is be "in range" of the activating sensor(s) - most likely, at least two sensors would need to "agree" before access is allowed. No more log-on passwords, or Windows ID. Simply start using your device.
- Website: perhaps a similar spin-off process can convert your unique DNA "breath fingerprint" into a ridiculously complex, insanely long, crazily encrypted ID number or code, that automatically changes with each use.
- Internet-enabled television: just be located in the same room, and your TV automatically logs you into Google, Facebook, Amazon, Netflix, BBC, Sky TV, etc.
- And so on.
So if a "try-it-on" unethical hacker were to get hold of your ID would do them no good.
- Place your smart phone back into your pocket or bag. Or ..
- Close your tablet device. Or ...
- Shut your computer lid. Or ...
- Simply move away from your device or out of breath sensing range for more than a fraction of a second, ...
... your breath DNA sensing device automatically locks the device or website login.
Your locked device is similar to how you might log out of a website or a computer or terminal - except you don't have all the hassle of managing usernames and passwords.
As you return to your device, once you're in range, your new unique, encrypted "breath ID" gets regenerated again, perhaps even cross-encrypted using a blockchain.
Is All This Beautiful Technology Coming To A World Near You?
I should hope so. Or am I thinking too far ahead?
For enterprising individuals, industry disruptors, in this brief exploration, I've given the bare bones of an idea completely free of cost. For those remarkable individuals, I say, now go make a billion dollars.
And yet, even now, some smart groups, way ahead of me, are already developing "breath door" access. Poised for greatness on a scale that can only be imagined! What about you? Such an astonishing market can have multiple players - if you're quick enough.
A perfect domain name for such an enterprise could be: BreathDoor.com - will our breath become the door into worlds containing information we own, use, or control?
BreathDoor.com is for sale by owner today.
To protect both buyer and seller, we will use secure transfer of domain name(s) to buyer through escrow.com, or other trusted, proven, third-party escrow service.
To make an offer, to get started, please complete the following two steps:
- Click or touch the button below:
Subscribe To Allow Us To Communicate
(European Union General Data Protection Regulation states we must have your permission before we can communicate). If you have already subscribed, you can skip this Step 01.
- Click or touch the button below to email us:
Send Your Offer By Email