What comes to mind when you envision the future of IT? Holographic interfaces á la Minority Report? Perhaps your thoughts drift to an army of autonomous IoT devices humming throughout your office. Yet, the real question isn’t about what the future will hold but rather what it won’t—namely, passwords.
Sorry, you’ve used that password recently
Everyone’s been there. The dreaded day when that empty text box springs to life awaiting your creative genius. It’s been exactly [insert arbitrary amount time between password expiration dates] since you created your password, and hackers will undoubtedly crack it before the clock strikes five.
A long time ago in a galaxy far, far away, you could simply enter your Chihuahua’s middle name and be relatively secure for the foreseeable future. As it happens, computers got faster, and the bad guys got a little more clever. Those static passwords no longer provide protection, and you—along with all your users—are forced to recreate random sequences of characters every umpteen days.
Unfortunately, that’s not enough anymore. According to CSO Online, a password of eight mixed-case characters and numbers would only take about a half hour to crack for modern botnets. That doesn’t exactly inspire a lot of confidence.
Bionic security provides the answer
If the password guidelines you’ve placed your trust in are beginning to falter in the wake of unstoppable raw computing power, how will the future of IT cope? Microsoft thinks it may have the answer. As a recent ZDNet article explains, Microsoft—along with its partner Fujitsu—is ready to ditch the antiquated security method altogether. They envision a near future in which you no longer need to exercise your creative password-making mojo at regular intervals. Instead, you can simply raise your right hand—or left, if you prefer.
Taking advantage of advancements in biometric security technology, Microsoft has already added support for Fujitsu’s PalmSecure devices in Windows 10 Pro. These devices look like they leapt straight out of a Bond flick from the ’80s and simply require the wave of a five-digit appendage for authentication. Actually, you don’t even need digits, as the technology operates by recognizing the unique patterns of blue veins in your palm.
Is it a fleeting fad or an important innovation?
While this technology is being deployed to some 80,000 Fujitsu employees in Japan, the real question becomes: Is it worth it for your organization? In all fairness, that’s a tough question to give a universal answer. Digital security practices can be an intensely personal affair, and passwords are no different. That said, this tech may be on to something here.
Sure, biometric authentication is nothing new. You probably have a few devices sitting right next to you that can be unlocked with a fingerprint or smile. It’s simply more convenient than remembering and typing in a password you may or may not have changed in the last 30 days. After all, you’ll never need to worry about changing your “password” with something like PalmSecure (hand transplants notwithstanding).
These types of secure business solutions are also somewhat future proof—for now, anyway. That same raw computing power uncovering your passwords has a major limitation. In modern IT, there are two main ways to secure digital identities: requiring something a person knows and requiring something they have—(ideally, you’d require both at once). Passwords fall into the first category, but massive botnets are quite good at figuring out what you know. Fortunately, they’re comparatively terrible at replicating what you have, like the blue veins in your palm.
As great as biometric technology can be, no single factor will ever be enough on its own. The best security strategy for your office is one incorporating multiple technologies to combat a variety of attack vectors. Think printers that combine QR code authentication with encrypted storage.
Is the vision of a passwordless future realistic? In light of passwords’ increasing ineffectiveness, possibly. In a world of multifactor strategies and other secure business solutions, you may soon be able to make passwords disappear with a wave of your hand.