Is there such thing as a perfect password? And will there ever be? Jessica Furseth investigates…
It can’t be too simple or it’s easy to guess, but if it’s too complicated, the person is likely to be locked out as the legitimate user. Sure, when it comes to online banking we’re happy to recite the first, fifth and ninth character of a case-sensitive phrase containing a number and a symbol. But a complicated procedure feels frustrating when it’s just a case of logging into an online shop or the public library site.
With a million online logins to keep track of, chances are most of us default to the same few passwords, leaving us vulnerable to sweeping security breaches like when Heartbleed struck earlier this year. The good news is that the most common password is no longer “password”, according to research from SplashData, but the bad news is that the most common choice is still pretty rubbish: “123456”. Other popular choices include clever-ish choices like “letmein” and “trustno1”, and a few cutesy choices such as “monkey” and “sunshine”.
While we can conclude we are rubbish with traditional passwords, the fact remains that we store increasingly more data remotely. We need some new options, it seems. One of these is voice biometrics, or voiceprints, an industry set to be worth as as much as $900m next year according to Opus Research. Governments and corporations have already started using voiceprints to pay out pensions or replace passports:
“There’s a misconception that the technology we have today is only in the domain of the intelligence services, or the domain of Star Trek,” Paul Burmester, of voice biometric vendor ValidSoft, told ‘Associated Press’. Voiceprints are as individual as a person’s fingerprints: “The technology is here today, well-proven and commonly available.”
Barclays has decided it will be rolling out voiceprinting as an identification tool to its 12 million retail customers, following a successful trial. Turkish mobile phone company Turkcell has mapped the voices of over 10 million customers, while the South African government is using the technology when issuing pension payments to ensure the recipient is alive and well.
Beyond voiceprinting, there are also alternatives to traditional passwords for companies with less sensitive data, and also smaller budgets. Apple’s fingerprint unlocking system for the iPhone is a reasonably secure system, and Samsung took it one step further when users of the Galaxy 5S could access all their saved passwords with the same technology.
While retinal scans are used for identification at high-security places such as Schiphol Airport in Amsterdam, this technology is a step beyond voiceprinting in terms of cost. While it doesn’t seem too unrealistic that the next generation Siri, or other robotic helpers, will be able to identify the device-owner based on just the voice, we’re probably going to have to make do with two-step verification for most web logins a little while longer. It feels less futuristic to sit there and wait for a text message with an additional code for logging in, but if someone works out that your password is “password1”, this low-tech method will protect you just fine.
Online security doesn’t begin and end with a good password… Find out more on our blog post about online enmity.