reports that a recent analysis of debit card PINs shows that 1 in 10 users pick "1234." Thirty years deep inside the digital revolution, the mighty password has proved to be exceptionally complicated and ineffective. Passwords on little sticky tabs taped to the computer or written on the desk are common sights.
Major companies have been hit: Yahoo's Content Network lost close to half a million usernames and passwords last July, LinkedIn was hacked, exposing 6.5 million user passwords, and 8.24 million Gamigo passwords were leaked after a hack.
InformationWeek Security reports that "76% of popular consumer applications running on Android and iOS devices store usernames as plaintext, and 10%--including Hushmail, LinkedIn, and Skype--store passwords as plaintext."
"Many systems require only username and password, so having the username means that 50% of the puzzle is solved," said the report. "In addition, people often reuse their usernames so it will generally work on many online services."
Red Tape at NBC News feels that 2012 will be a turning point in the history of passwords, a year when passwords become history. The public knows about space-age authentication systems like retina scans and computers that recognize voices, yet continues to use passwords with a grade-school mentality.
Researchers from Carnegie Mellon University's "Biometrics Research and Identity Automation Lab" and a small Canadian start-up firm are investigating whether the way people walk can be used as a simple yet secure way to affirm their identities. "The system uses a 'BioSole' inserted into shoes to assess a wearer’s gait, matching that distinctive pattern against an existing record to verify the person’s identity."
"Something you are" biometric passwords include a retina scan or fingerprint, which protect users from hacks by authenticating them based on something they are and cannot change. The advantage of this type of password is that it does not rely on the person's ability to remember, a failing in most people.
Red Tape also reports that Symantec Corp.'s Marty Jost thinks behavioral techniques offer the most promise for next-generation "passwords." Companies like Symantec are increasingly using cell phones as tokens. A simple text message or phone call sent to an employee’s phone serves as a second authenticating factor, as users are much less likely to lose their phones
"Biometrics have been around a long time, but have historically tended to be unreliable. Just when you need it most, your fingerprints are dirty and they don't read right, for example. That's what's held it back," he said. "The key to success is providing a second factor without making it difficult to use. When you try to use an exotic method, it becomes a different problem, such as a customer service problem or a user satisfaction problem."
Biometrics have already entered everyday consumer life, with facial and voice recognition systems like Samsung’s “Face Unlock” and Apple’s Siri preparing people for what is to come.