A Future Free From Passwords?

Passwords are a problem. The most secure passwords are robotic, nearly impossible for humans to remember and can lead to high IT costs through password resets or, worse, can pose serious security risks as employees take shortcuts to remember them. Imagine that familiar sight of a password pasted to a desktop with a Post-It note.

In a recent article for the New York Times, Randall Stross explores a future where passwords are eliminated. Rather than the biometric systems shown in science fiction (fingerprint recognition, iris scans), researchers are developing ways to identify users through behavioral characteristics in keystroke and “mouse dynamics,” essentially the patterns for how people type and move the mouse around the screen.

Stross writes:

“[Professor Roy Maxion, Carnegie Mellon University] gives this example: A computer user holds down a key for an average of 100 milliseconds. Suppose that a fraudster is trying to mimic a person who is slightly faster than average — typically holding the key down for 90 milliseconds. ‘Then the spoofer is in the dubious position of having to consciously shorten a key-press action by 10 milliseconds,’ Professor Maxion says. Having such control doesn’t seem realistic, he says, when one considers that ‘a voluntary eye-blink takes 275 milliseconds.’”

That all may sound straight out of a sci-fi movie, but until behavioral tools such as keystroke dynamics or mouse and file opening patters go mainstream, passwords are unavoidable in our modern world. Fortunately, while we all wait for the latest sci-fi and military technology to become reality, IT departments can mitigate the password security threat with single sign-on. We may not be able to eliminate passwords just yet, but at least we can all take steps to improve password security.