Forget Your Password? No Problem -- Here are 4 Body Parts That Could Authenticate Your Identity Online


First the good news: “password” is no longer the most widely used password. Now the bad news: it’s been knocked off the top spot by “123456.” Banks and online retailers—who have the most to lose from hacks—know that no matter how much they ask users to think up a password with capitals, numbers, characters, and obscure phrases in Tagalog, passwords will always remain weak and prone to hacking.

So if thoughts from inside your head won’t cut it, perhaps actual body parts will. Here's what some people think might replace passwords for good:

Your veins

Barclays announced last week it will provide biometric readers to its corporate banking clients from next year. The biometric reader looks like a bank-branded pulse oximeter, the sort of medical device you’re hooked up to when rushed to the hospital. It looks for unique vein patterns in the finger to ensure the person brokering a big deal is, in fact, who they say they are.

Your vocal cords

It’s not the first newfangled technology that Barclays has deployed to try and bolster security. Last year it introduced “voice biometrics”—analysing speech patterns—for its wealth and investment management clients. That system is provided by Nuance, a company best known for producing the Dragon NaturallySpeaking voice-to-text software. It has a 95% success rate in correctly identifying customers (standard security questions are used as a fallback option).

Your hand(writing)

Alibaba, the giant Chinese online retailer, is integrating fingerprint scanning into its Alipay Wallet app. Foxconn, the Taiwanese manufacturer of the iPhone and iPad, threw nearly $5 million at Norway’s NEXT Biometrics, which develops fingerprint scanning technology, back in May. And earlier this month it took a 10% stake for $2 million in AirSig, a Taiwanese company that uses smartphones’ built-in gyroscopes to track air handwriting. The company says AirSig provides three-factor authentication: your signature, your phone, and the way you sign with a flourish in mid-air.

Your friends’ faces

If you don’t particularly care for the idea of using your own body parts, why not use a friend’s? Researchers at the University of York recently tested the theory behind a system that they call “Facelock.” Users pick people known to them but not to the general public. Pictures of these familiar faces replace the password; users are given a selection to choose from. Lab tests show that hackers guess the correct face less than 1% of the time, while legitimate users rarely failed in their recall.

None of these systems are as innovative or infallible as their makers boast. Fingerprint scanners have been attached to mainstream consumer electronics for more than a decade, and have often proved temperamental or prone to fakery. Apple’s TouchID on the iPhone 5s was hack-free for a grand total of 48 hours after its release. Signatures can be forged, even if they’re written in mid-air.

But at least nobody’s going to be chopping off fingers: For Barclays’s finger vein technology to work, the finger must be attached to a body. One way or the other, the future of passwords is clear, and it doesn’t involve passwords.

Reprinted with permission from Quartz. The original story can be found here
