Are Biometrics the Future of Passwords?

By Wesley Fenlon

The tech world is looking for a replacement to a broken password system. But can biometrics gain the mass adoption necessary to fill that space?

Someday we'll look back on our passwords, archaic and forgettable combinations of letters and numbers and symbols, and wonder how we put up with it all. We'll be much happier with our retinal scanners or DNA readers or mind-links to our futuristic security systems. In the tumultuous present, however, tech companies are scrambling for solutions to the problem of passwords, which have proven undersecure in recent years.

Apple's new iPhone 5S aims to replace four-digit pins with fingerprint scans, which avoid most of the problems passwords currently face. Fingerprints can't be guessed like common passwords, or bruteforced like short passwords. Apple also isn't giving third-party apps access to the fingerprint data or storing them in the cloud, which will make them much harder to steal in a security breach.

The fingerprint scanner is a good solution for a smartphone, which is typically used by one person. But how can similar password-replacement systems work on a larger scale? The New York Times recently highlighted a number of solutions from tech startups and established companies like Motorola, most of which face the same problem: Mass adoption. Many of these companies are trying to tie networked security systems into the Internet of Things so that you could unlock your garage door the same way you log into a website.

Earlier this year, Motorola talked about the idea of a password pill that you swallow once a day.

The Times quotes an engineer from start-up OpenID getting to the heart of the problem. " 'The Achilles’ heel of the Internet of things is, how do you secure access to all these things?' said the engineer, Jim Fenton. 'If you connect all these things to the Internet you need to have good ways — good from a security standpoint and a convenience standpoint — good ways to control access to things. Having user names and passwords is not a good solution for every device.' "

OpenID limits the number of passwords you need by using an identity provider to communicate with a number of other websites and services. Other solutions try to get even further away from passwords. Earlier this year, Motorola talked about using pills and electronic tattoos for authentication. The pill is powered by stomach acids and "creates an 18-bit ECG-like signal in your body and essentially your entire body becomes an authentication token," according to Motorola's Regina Dugan.

Another potential solution is a wristband called Nymi, which recognizes you by your heart.

Nymi reads your unique heartbeats to identify you, then pairs with a smartphone via Bluetooth to provide authentication. But the security of that system is worth little if no one can log into Google or Facebook with the Nymi, or use it to unlock their front door or start their car. At $79, the wristband is even reasonably priced, and the technology sounds really cool. But are wearable electronics really the solution to the password problem, when we have perfectly good fingerprints and eyeballs with us at all times?

Many, many companies seem to think biometrics are the future, but there's no clear road to that future. Whatever the most popular solution ends up being, we'll be happy to find a more secure replacement for passwords--so long as human blood sacrifices aren't involved, anyway.