Why are we all still using passwords to pass through software barriers? The obvious answer: passwords sort-of still work. Until they don't, or until we have bad experiences resulting from security attacks that make a mockery of password protections. However, exciting changes could be coming to your world sooner rather than later.
When passwords are hacked or broken, most of the blame for subsequent problems is put on users:
- Your passwords are too weak.
- Your passwords are too short.
- Your passwords are too simple.
- You used the same password for more than a single item access.
- Your device has been hacked.
- And so on.
Nevertheless, Passwords Are Still With Us - I'm Astonished! And Yes, Dismayed
Creating and managing effective passwords is simply too hard for most people, who have lives to live, modern life to deal with, too many distractions, interruptions, and so on.
That's why millions of devices are probably getting broken into, regularly compromised and accessed by people who, most likely, do not have your best interests in mind.
To avoid getting hacked, you have to develop some savvy password skills, application, and yes, cultivate some luck.
Moreover, if you're not using passwords at least as complex as the three listed below (a separate one for each service):
... then you have my sympathy: I wish you luck.
Yet, today, we should all surely be using passwords at least as complex as those above.
Anything less today, and we're almost certainly asking for trouble.
Ideally today, if you're still using passwords alone, aim for passwords 2 or 3 times as long and equally complex as the three examples suggested above.
Yet how many websites are using antiquated software systems that simply can't handle sufficiently complex passwords?
Even in March 2018, I still come across website login systems that insist your password must be less than 8 or 9 characters: a black-hat hacker's dream.
Yet remarkable efforts are focusing on using our faces to log in. Nevertheless, to date, facial login for websites is still not sufficiently strong. So other biometric data is required to fill in the security gaps.
While suppliers like Apple seem to have perfected facial log-in for their devices, perhaps they have achieved the goal by controlling both the hardware and the software - and of course, the "low-level" firmware, the software that comes embedded into electronic chips themselves.
For those that can't yet control all of the elements in the chain, as we bolt on complexity, a key drawback is monster creation: we can end up with a mish-mash of methods and protocols, none of which seems to work properly with each other. However, perhaps there's a way, an answer, a solution.
How To Kill Your Passwords - By Breathing On Them
Where are the A-star developers; the world-changers; the technology mavericks?
Yet, there is hope. The winds of change are blowing ever more keenly.
For me, the time for change is now. The key pieces of this remarkable jigsaw puzzle are forming, emerging into their theatre of operations, or are almost in place as I write this article today.
Though I understand that an entire industry has been set up to service "conventional" passwords, naturally, I think the idea below must surely provide a near perfect, high security way to pass through software security barriers, without the need for:
- Typed passwords (so no more needing to record thousands of passwords, or use weak ones less than 20 characters).
- Fingerprint sensors (not everyone has a "reliable" fingerprint: ask anyone whose work involves physically intensive activities using their hands).
- Drawing a picture, shape, or pattern on a screen with a light-sensitive stylus.
- Speaking a special phrase to voice-print-activated software (hardly secure, and not always suitable).
- Scanning a face - while robust, can result in errors, especially where people have similar facial features.
Instead, why don't we use the one personal characteristic we all have, that represents our own unique, individual identity: our DNA.
Even better, perhaps there's an easier way to sample our DNA, without blowing into a bag until we almost pass out, or using needles, samples of blood, body fluids (Yuk), or any other invasive procedure.
So how, you may reasonably ask?
Given that we have devices that can already analyze human breath (blood alcohol mix, solving crimes, etc.), how long before our devices know who we are simply through using them?
Already, a lot of interest can be found in "breath DNA". You can search on Google.com for "can human breath identify dna?" (without the quotes) to discover, at the time of writing, about 11.2 million search results.
For most of us, the most natural, reliable, instinctive human process is the act of breathing.
Technological sampling of our own breath is surely the most efficient DNA key to providing secure access to all of our devices:
- A method that, with the right infrastructure in place, just works.
- A process that requires nothing more of us than to be alive and be present (situated sufficiently close to the breath sensor).
- Could be made to keep working even when we are asleep, or be made to instantly switch off when we fall asleep. Both scenarios could have benefits, requirements, applications.
How "Breath Door" Devices Could Work
In Brian's new password-free world, to access a locked device is simple after initial quick and easy setup:
- Smart phone: simply pick up your phone and start using your device. Why: your smartphone instantly knows that you're the authorised user, so for you, all software doors are open. For anyone else, those doors instantly close. No passwords involved.
- Apple Mac or PC: likewise, all you need do is be "in range" of the activating sensor(s) - most likely, at least two sensors would need to "agree" before access is allowed. No more log-on passwords, or Windows ID. Simply start using your device.
- Website: perhaps a similar spin-off process can convert your unique DNA "breath fingerprint" into a ridiculously complex, insanely long, crazily encrypted ID number or code, that automatically changes with each use.
- Internet-enabled television: just be located in the same room, and your TV automatically logs you into Facebook, Amazon, etc.
- And so on.
So if a rather nasty hacker were to get hold of your ID, it would do them no good: you simply shut your computer lid for a second or two, or move away for 2 seconds or less, and your new "breath ID" is regenerated yet again.
Is All This Beautiful Technology Coming To A World Near You?
I should hope so. Or am I thinking too far ahead?
For enterprising individuals, industry disruptors, in this brief exploration, I've given the bare bones of an idea completely free of cost. For those remarkable individuals, I say, now go make a billion dollars.
And yet, even now, some smart groups, way ahead of me, are already developing "breath door" access. Poised for greatness on a scale that can only be imagined! What about you? Such an astonishing market can have multiple players - if you're quick enough.
A perfect domain name for such an enterprise could be: BreathDoor.com - will our breath become the door into worlds containing information we own, use, or control?
BreathDoor.com is for sale by owner today.
Secure transfer to buyer through escrow.com to protect both buyer and seller.