Have Passwords Finally Come to an End?

Every year, IBM publishes its predictions about what technologies will emerge over the next five years. The 2011 forecast included the extinction of passwords, replaced by smart devices that are able to recognize their user. This forecast is both welcome and worrisome.

Password management has become quite a puzzle (and a major pain in the #$$). It was fine at the beginning – you chose an easy password based on a birth date or your pet’s name and used it everywhere. Then we were told that these passwords were foolish and dangerous because even the most inexperienced hacker could gain access to our bank account or steal our identity. So, we took a more complex approach to password strategy by coming up with all sorts of variations to match the requirements. But with certain sites imposing their own rules (such as minimum number of characters and the inclusion of $%?&^@!* plus caps, no repeated numbers etc.) it has become nearly impossible to find easy-to-remember tricks that work across the board.

To be automatically recognized by your favourite sites, like a returning patron at your neighbourhood bakery, is a good thing. However, the implementation of sophisticated recognition technology poses a security risk should it fall into the wrong hands. What we see in the movie remake of 1984 and Brave New World is becoming more and more realistic, and Big Blue calling it doesn’t help any.

But we cannot impede the progress of what has proven to simplify our digital lives. It will soon be time to lobby for the creation of regulatory bodies and biometric recognition control, like we did for databases, bio-ethics or GMOs.

Discuss This Article

Comments: 1

  • The IBM prediction that “you’ll never need a password again” is surprisingly ill-conceived and weakly argued.

    They conjecture that you will one day “Walk up to an ATM and access your bank account by simply speaking your name and looking into the camera”.

    One wonders how much thought has gone into this imagining. Are they really advocating biometric authentication without any physical card? If the False Accept Rate is not *infinitesimally* small, then occasionally the ATM is going to grant you access to someone else’s bank account. What’s the socially acceptable error rate leading to that sort of mistake? One in a million? And given the Sensitivity-Specificity Tradeoff, are we prepared to tolerate the correspondingly high False Reject Rate?

    I say this needs a lot more work, even at the concept level. Five years? I think not. Perhaps never. The sensitivity-specificity tradeoff is inherent to biometrics and real-world instrumentation.
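The tradeoff raised in the comment above can be worked through numerically. The following is an added example, not part of the article or the comment: it assumes Gaussian match scores with constructed means, independent comparisons, and a bank with one million enrolled customers, and it compares a card-plus-biometric check (1:1) with a card-less lookup against every customer (1:N) at the same "one in a million" false-accept target.

```python
import math
from statistics import NormalDist

# Constructed score model (assumption, not measured data): match scores are
# Gaussian with unit variance; impostor comparisons centre on 0, genuine on 6.
IMPOSTOR_MEAN, GENUINE_MEAN, SIGMA = 0.0, 6.0, 1.0

def far(threshold):
    """Per-comparison False Accept Rate: P(impostor score >= threshold)."""
    return 0.5 * math.erfc((threshold - IMPOSTOR_MEAN) / (SIGMA * math.sqrt(2)))

def frr(threshold):
    """False Reject Rate: P(genuine score < threshold)."""
    return 0.5 * math.erfc((GENUINE_MEAN - threshold) / (SIGMA * math.sqrt(2)))

def system_far(per_comparison_far, enrolled):
    """P(at least one of `enrolled` wrong templates matches) = 1 - (1 - f)^N,
    assuming the comparisons are independent."""
    return -math.expm1(enrolled * math.log1p(-per_comparison_far))

def far_budget(target_system_far, enrolled):
    """Largest per-comparison FAR that keeps system_far() at the target."""
    return -math.expm1(math.log1p(-target_system_far) / enrolled)

def threshold_for(per_comparison_far):
    """Score threshold whose impostor tail mass equals the given FAR."""
    z = -NormalDist().inv_cdf(per_comparison_far)  # upper-tail quantile
    return IMPOSTOR_MEAN + SIGMA * z

def operating_point(target_system_far, enrolled):
    """Threshold and resulting FRR needed to hit the system-level FAR target."""
    f = far_budget(target_system_far, enrolled)
    t = threshold_for(f)
    return {"per_comparison_far": f, "threshold": t, "frr": frr(t)}

if __name__ == "__main__":
    target = 1e-6  # the comment's "one in a million"
    # enrolled=1: a card selects one template (1:1). enrolled=1_000_000: face
    # and voice alone are searched against every customer (1:N, N assumed).
    for label, n in (("with card", 1), ("no card", 1_000_000)):
        p = operating_point(target, n)
        print(f"{label:9s} N={n:>9,} FAR/compare={p['per_comparison_far']:.2e} "
              f"threshold={p['threshold']:.2f} FRR={p['frr']:.1%}")
```

Under these assumed distributions, holding the overall false-accept rate at one in a million without a card pushes the threshold high enough that most genuine customers are rejected, while the same target with a card rejects roughly one in ten.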
