Since the early days of computing, passwords have long been used as a method of identity authentication. However, there is one fundamental flaw in this method of identity authentication; as times have changed, passwords haven’t and they are now no longer enough when it comes to both user experience and security. In fact, towards the end of last year, researchers from Google looked into the black market and found millions of usernames and passwords that had been stolen, as a result of cybercriminal activity. Upon closer inspection, the tech giant also uncovered billions of passwords that had been indirectly exposed, thanks to third-party data breaches.
With this in mind, and with the cyber security landscape at its most hazardous, product manufacturers and service providers alike have turned their attentions to alternative and modern methods of authentication, including facial recognition or fingerprint scanners. However, while we might have moved on from more traditional authentication processes, there’s still a way to go. Most importantly, the best is yet to come.
Zero login technologies are about to solve the password problem forever. Soon we won’t need to type a password ever again, with our devices being smart enough to instantly recognise us instantly and offer a personalised experience based on this. Where we are, how we type and how we interact with our personal devices are all unique and new technologies are being developed that can log us in to our applications, without us having to lift (or scan) a finger!
The here and now
With Apple only implementing fingerprint scanners into their devices in 2013, the concept of zero login can come across as a little too forward-thinking, whereas in reality, it’s already being used. Amazon, for example, is trialling new ways to authenticate its customers, all based on their individual behaviours. Not only does utilising this information generate a more holistic view of the user – how fast they type, how hard they tap their phone – it also shows much more than just their username or password, helping to better tailor their experience.
However, is zero login isn’t just benefiting the customer experience, it is also helping to crack down on cybercrime, with the unique authentication methods being next to impossible to guess or duplicate. Whereas advanced hackers can quite easily conjure up millions of different potential passwords per person at the click of a button, they would struggle to mimic a person’s behaviours and individualisms.
Considering the bigger picture
Imagine you are ordering a Deliveroo from your phone, charging it to your usual debit card, and having it sent to your home address. Sound like something a hacker would do? Probably not! Even today, plenty of applications will ask you for some form of authenticity and verification – usually a password – even if you use them on a regular basis, and the chance of the activity being fraudulent is extremely low.
One of the many benefits of zero login technologies is that they pay attention to consumers actions, building up a profile of what is deemed ‘normal’, and what appears out of the ordinary. It’s not to say you’ll never have to create a password again, but it’s very unlikely you’ll be asked to use it.
Getting security right the first time around
Thanks to the way we now interact with our devices – whether using them for shopping, swiping or searching – our smartphones hold a wealth of information about us, a lot of which can be used to inform and enable zero login tools. That being said, with any authentication technique, there is a right way and a wrong way to do so.
The right way involves having software running locally on your device, which then sends a ‘risk score’ to the cloud, ensuring smart authentication decisions can easily be made. On the other hand, the wrong way is to send information on behaviours, locations and biometrics across the internet, and have it stored in the cloud, leaving it exposed to potential hackers.
In just a few years’ time, authentication will have done a complete 360, leaving passwords in the past and zero login acting as both the present and the future. However, while we have a better, more secure outlook ahead of us, it’s essential we don’t get too caught up in the hype and prioritise privacy, getting it right the first time around.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.