 |
| image courtesy: http://static4.techinsider.io/image/560434a99dd7cc18008bcd37-2513-1885/ex-machina-movie-artificial-intelligence-robot.jpg |
Password
could be a pain, particularly when you have multiple web sites to access many
sites. The consumer complains that passwords are fast becoming a psychological burden – an albatross that weighs down the
person with too much data dumped in the head that’s hard to decipher. And
apparently one can sense discomfort and disconnect. It’s like having
too many keys to open one room and woefully, you can’t pick out the right one
which will unlock. And the real hassle is when password is forgotten and the
allowed number of ‘attempts’ gets exhausted, the system locks, leaving you
stranded but the chore running back and forth with the back-office executive
walking-through the password retrieval process leaves you fuming ‘is technology
a boon or bane’. Anything will have its downside – including technology. You
might want to have a turnkey system that does the trick and get you going.
Password,
PIN and Breach
Recent
times have witnessed worst security breaches because of weak passwords.
How private information lands in the public domain makes it a necessity to
ensure that safety mechanism are in place and hence stronger password. But too
many passwords? Why? Google has single sign-on to access all its application.
Why can’t life be simpler? Or are we complicating in the name of security? The
easy way out would be to have one password for all sites so that you really
don’t squeeze hard your memory like sifting sand from grains. If it makes your
life easier, then think about the breach and there it goes – with one key all
of yours is ‘gone for good’. It was this paradox that actually turned out to be
the problem statement. Single-point of entry is swift but so would be the
theft. In this era of technology, and digitalization, all access points are
fortified through authentication. Multi-tier security system or secured
transaction or secured authentication service. Still, we are not done with the
password for an alternate method that’s more convenient and confident. Almost
everyone with digital experience would have yearned for that day they could
dispense with password or PIN (Personal Identification Number) which earlier
was recommended to be bolstered from breach by creating an alpha-numeric string
with a heady mix of special characters to safeguard from sabotage, and now some
institutions like Banks make the usage of special characters mandatory
visualizing that invincible predator preying on vulnerable victims, and soon
emerged phishing as one the worst attack on data integrity. With reputation in
ruins, name in tatters and business rocked in its very foundation, damage
control and image building exercises not only resulted in spiraling costs with
a dent on the bottom-line, but kept the stakeholders on tenterhooks. So it
would, by no stretch of imagination, become too much to bear for all the
stakeholders and so far the necessity of the hour and lack of alternative left
the end-user with no choice but coin the Password or PIN as complex as possible
and remember it for good and retrieve on-demand. Further, it was strongly
discouraged in storing the information in hard or soft copies, and science
dealing with encryption and decryption made it even more mystique and
technology related to secured socket layer took over.
Abacus –
the painkiller?
It is possible to solve
every puzzle? At least, for the password related problem Google believes it can
achieve a breakthrough by getting rid of the stiff impositions of barriers – NO
PASSWORD.
How in the world would you
access your information whether it’s an email or your bank account? Google
assures that there is a ‘fix’ and will test with bank first and based on its
success, offer for others.
Dan Kaufman, Head of
advanced technology and projects at Google, commented at the company’s I/O developer
conference “We have a phone, and these phones have all these sensors in them.
Why couldn't it just know who I was, so I don't need a password? I should just
be able to work,"
How does it work?
The technology uses
biometric data and supporting information to identify and authenticate access.
It uses Trust API to determine ‘trust score’ by employing and engaging
different parameters like facial recognition, location, typing styles to
ascertain the identity of the user. To access sensitive information, the ‘trust
score’ should be high, and that’s the reason the testing begins with a
financial institution. The higher the score, clearer is the identification and access provided, else, denied.
Interestingly, Kaufman, has this to say about authentication "What we're
going to do with this is be able to get rid of the awkwardness of second-factor
authentication,"
Google assured to introduce
this ‘password-free’ feature to every android developer by this year-end.
Is there a Precedent for
‘No-Password’?
The answer is in the
affirmative. Yes. Let’s not take away the shine off Abacus and assess on
its own merit. Scandinavians will be familiar with this concept of logging into
their bank accounts using behavioral biometrics and not a password. The
password is queried only when the usual signs and symptoms fail to be detected
and is treated as a legitimate case in validating the customer identification .
In Norway and Sweden, major banks employ BankID for doing daily banking
transaction to booking tickets or applying loan or paying taxes online.
It was estimated that by 2014, BankID is used by over 3 million
Norwegians (over 75% of the adult
population(pdf).
BankID
can identify the user through a combination of factors like assessing the way
the screen is swiped, the pace at which data is keyed – meaning the pressure
with which you punch-in data is critical to analyze and evaluate your identity.
It is behavioral science at an advanced level that any change in pattern or
shift in style will trigger the system to confirm with a ‘password’ prompt. The
system has studies the user to identify as its customer. This is made possible
by behavioral biometrics layer of BankID.
So
Behavioral Biometrics is nothing new; the anticipation is the evolution of
technology in this space of biometrics in the context of identity crisis. We
may to have wait till the year-end to see what the future unfolds.
No comments:
Post a Comment