Feeds:
Posts
Comments

Posts Tagged ‘Passwords’

Recently, Qualcomm Inc., a leading supplier of mobile-device chips announced its Spectra imaging system, which (according to the Wall Street Journal, 8-21-17) “can extract depth information from objects including faces.”  In other words, your password will soon – finally! – be replaced by an image of your face.  It’s about time, eh?

The company plans to use the technology soon in its next line of mobile processors, and around the same time, Apple may soon, it is rumored, offer a similar feature on the iPhone.  Might facial recognition finally be the password replacement technology we’ve longed for?

The technology differs a bit from that used in security cameras around the world.  Your phone or laptop camera, after all, don’t need to spot you in a crowd, it just needs to distinguish one face – yours – and it can do it very well, since you’re likely to be only a foot or two away.  Its structured light technology is said to splay tiny infrared dots across an image of your face (or other target) and, by reading distortions, capture incredibly detailed and accurate information.  And because of its use of infrared technology, it can work in the dark.

Apple has not confirmed any of this yet, according to the Journal, but it does appear to have the necessary patents, technology and, perhaps, inclination – say at the unveiling of the 10th anniversary iPhone.

Best of all, Qualcomm has indicated that its Spectra chip with facial-depth recognition capabilities will be available for future versions of Android phones.  While previous versions of the Samsung phone could be ‘fooled’ by holding up an image of another person’s face, the Spectra chip boasts of having the added capability of “live-ness detection,” thus making it less likely to be fooled, even with a 3-D printed mask.

You’ll teach your phone the same way you do with thumbprint recognition today, and images will be securely stored on the device itself, not in the cloud.

Eventually, supply chains being what they are, the technology will trickle down into less expensive devices, with the potential to actually become “mundane” one day according to the CEO of biometrics company Tascent.  That’s a good thing, as the improved simplicity and security that come from being able merely to look at our devices is likely to curb our otherwise bad password habits through which we all too often put our finances and personal information security at risk.

 

 

 

 

Read Full Post »

… “123456”.  And that’s a problem, according to Security Keeper, Inc.  For years, tech firms have been trying to limit the damage hackers can do by cracking conventional passwords.  They’ve tried two-factor authentication for Gmail, iris scanning, fingerprint ID… and yet phishing and scamming schemes not only persist, they become larger, more audacious, more widespread and more costly.

Our firm has witnessed more than one of our ERP clients compromised by ransomware in the last year.  And while weak passwords aren’t necessarily the only way in to networks, they don’t help.  A product manager at Yahoo! once put it succinctly: “Our vision is to kill passwords completely.”  This was noted in a recent article on computer security in Bloomberg Businessweek (June 2017).  “In the future we’ll look back on this time and laugh that we were required to create a 10-character code” with mixed case, numbers and symbols, according to Yahoo’s Dylan Casey, VP of Product Management.  And the day can’t come soon enough for most of us.

To move in that direction, new ideas are emerging.  Yahoo lets email users unlock their accounts solely through a push notice sent to their smartphones, no password required.  Others are following similar “smartphone-as-skeleton-key” approaches, or are expanding the use of biometrics as unique identifiers, in lieu of passwords.  Samsung is about to allow Galaxy S8 owners authorize mobile payments (in the U.K. for now) utilizing the phone’s iris scanner.  Microsoft and Lloyds Banking are experimenting with allowing users access to online accounts using a webcam photo of their face.

Microsoft also offers fingerprint authentication via smartphone, with plans soon for desktops and laptops.  According to Alex Simons of Microsoft, “You’ll be able to take your phone, walk up to your Windows 10 PC and just user your thumbprint to log in.”  Barclay’s bank is experimenting with identify verification over the phone using vocal records.

While none of these security measures is perfect (you can fool the S8’s facial recognition for example by holding up a photo of the right person’s face), still… they’re big steps in the right direction.  As in all things tech, it’s only a matter of time.

Michela Menting, a security researcher at ABI Research still believes it will be tough to get those last holdouts from using their 123456 though “until we have embedded devices in ourselves that can act as that password.”  Scary thought.  Welcome to the future.

But we’ll close with this factoid from USA Today: 37% of Americans keep a piece of paper with all of their passwords somewhere they deem safe.  (Want to bet it’s more than that?)

 

Read Full Post »