It is common knowledge that passwords are broken – everyone is talking about it. Last week Edward Snowden, the infamous whistleblower, was interviewed on Last Week Tonight with John Oliver explaining why we should all be upgrading to using passphrases, long uncommon phrases that we can remember, but which are not common enough to appear in the dictionary. In the interview Snowden remarks that,
‘Bad passwords are one of the easiest way to compromise a system – for somebody who has a very common 8 character password – it can literally take less than a second for a computer to go through the possibilities and pull that password out.’
With the password problem becoming more and more renowned, it is no wonder that companies such as Yahoo are trying out new systems like one-time login codes (as flawed and easy to pick holes in as that replacement system is) in order to try and take the burden of true security off of the average person’s mind. At BestVPN we have ourselves advised a few times in favor of using a password manager such as KeePass to take the burden of password responsibility off your shoulders, and to give you a long and randomized password that is much more difficult for a computer to crack.
Now, in a presentation called Kill all Passwords, Jonathan Leblanc, global head of developer advocacy at PayPal, explains why passwords should soon become a thing of the past, and talks about replacing them with non-antiquated biological models, arguing that technology has far surpassed what people think about in terms of ‘true integration with the human body.’
What he means by ‘antiquated’ or ‘external’ biometrics are classical biological inputs – retina scans and fingerprints – ‘old hat’ technologies that have been part of our mass perception for a long time, and which, according to PayPal’s top exec (who works alongside engineers and developers to find and test new technologies), are giving way to much more precise and safe methods of biometric identification which involve inner body integration and functionality.
In the presentation he talks about injectable, ingestible, and embeddable technologies being the future of identification for sensitive online interactions and payments, claiming that we will soon be shifting to a new wave of technology in which body functions such as heartbeat and vein recognition will allow for real ‘natural body identification.’ Sci-fi stuff indeed!
Leblanc, like Snowden, recently said in an interview with the Wall Street Journal that passwords are indeed broken and must be replaced, ‘If there’s a weak password you need to harden that with something physical behind it,’ he observes, and although there are methods for increasing security already available, such as location verification and habit identification, these can often lead to false negatives involving both the real person being locked out unnecessarily, and the wrong person being logged in by accident – both of which are problematic.
In his presentation, Mr Leblanc sounds as if he is talking about the biometric chips of countless conspiracy stories – under the skin silicon implants – wireless chips that contain ECG sensors, and can monitor the heart to find unique electrical identifiers, data which is in turn communicated back to computers via wireless antennae in ‘wearable computer tattoos,’ (no doubt on the wrist or the forehead, I think to myself while awkwardly mumbling the words ‘mark of the beast’ and nervously contemplating that move to the Outer Hebrides.)
Leblanc says that while it is going to take a while for the average person to catch up with ideas such as an ingestible capsule that can detect glucose levels in the blood and bounce that encrypted data back, his ideas are far from fantasy, and that for every idea he presents there is a start-up company already working to make it a reality. He also argues that although PayPal is not necessarily going to adopt any one, or all, of these new technologies, he is happy to be placing PayPal at the forefront of thought when it comes to these new innovations. A few examples of the technologies that Leblanc is willing to disclose PayPal is working on with partners include vein recognition technologies and heartbeat recognition bands – ideas which are brainstormed during 24-hour hackathons, he explains.
It is also true that PayPal is not the only company looking into the future of identification security. For one, it is part of a larger coalition of companies that include Samsung and Qualcomm called the Fido Alliance, whose mission statement is to ‘change the nature of online authentication.‘ Also, back in February, Russian firm Kaspersky announced that it would be working in partnership with the BioNyfiken bio-hacking collective to look at the real possibility of intelligent sub-dermal implants. Talking about the new partnership with Kaspersky, Hannes Sjoblad, one of the founders of BioNyfiken said,
‘The technology is already happening, we are seeing a fast-growing community of people experimenting with chip implants, which allow users to quickly and easily perform a variety of everyday tasks, such as allowing access to buildings, unlocking personal devices without PIN codes and enabling read access to various types of stored data.’
As far as the conspiracy element goes, the truth is that new technological developments are often construed as dangerous, and this has been true of nearly every significant advancement throughout the ages. And although the idea of having something within the body may put some people on edge, the truth is that if it is more secure than a password by being completely personal to you, then it does have real world applications that fill an urgent necessity for un-hackable front end security.
Of course, with new technologies there will always come new risks. Will these body implants be truly benevolent or will they also be hackable and programmable to have backdoors? Will they simply be a new way to steal our privacy and our identities in perhaps scarier and deeper ways? The truth is that only time will tell, but Mr Leblanc says that time is approaching rapidly… so get ready!