Sorry, Biometrics Alone Will Not Be Replacing the Password

  

NEW YORK (TheStreet) -- Yes, you may be able to unlock your iPhone 6 with your fingerprint, but don't expect biometrics to replace the traditional password anytime soon.

At a panel discussion during Cantor Fitzgerald's Internet & Technology Conference, Emmanuel Schalit, the CEO of password manager Dashlane, proclaimed that the password is here to stay as the de facto standard for security, despite the hype around biometrics and consumer log-ins like Facebook Connect.

Schalit compared the password to the QWERTY keyboard, saying that some things just never change because that's the way it's always been done.

"There is no law that makes us work the standard way but today there are 650 million websites that use logins and passwords because that's a free system, nobody owns it, and it's very simple to use," he said. "For better or worse we are probably going to have to deal with passwords for a very long time."

When asked about the growing popularity of biometrics like Apple's fingerprint technology, Schalit dismissed it as both unsafe and far from being a standard. He cited a story in which hackers took a high-definition photo of German defense minister Ursula von der Leyen and were able to obtain from the image a fingerprint that could access her identity.

"If your five fingerprints are stolen you can't cut your fingers and replace them with a new one," he said.

The other issue with biometrics, per Schalit, is that there is no standard, and an overwhelming number of systems cloud the technology and make it hard for it to become more widespread.

In addition to biometrics, another notion that has been offered as a substitute for the password is a consumer log-in like Facebook Connect, which lets users log in to third-party sites and applications through their Facebook identity. The problem with that alternative is that most consumers would not feel comfortable logging into their bank with Facebook Connect, Schalit explained.

That's why Dashlane starts with the premise that passwords are here to stay and asks how they can be better secured. Dashlane's solution encrypts all of a consumer's passwords and lets them use an auto-login on sites like Amazon (AMZN) and Apple (AAPL) to call up their encrypted password. In essence, Dashlane turns the consumer's master password into multiple, more secure passwords that make it harder to hack into an account.

Dashlane's certainly not the only one trying to solve the problems with passwords -- there's 1Password, LastPass, and KeePass, to name a few. The key for all of these solutions is adding a multilayered approach to the traditional password.

Lorrie Cranor, a professor of Computer Science and of Engineering & Public Policy at Carnegie Mellon University, thinks the use of password managers is one of the feasible solutions for achieving more secure passwords without having users remember all the different combinations of numbers and letters themselves.

While it may seem like a safer idea to ask consumers to change passwords on their own, Cranor believes that could lead to even more problems.

"Asking users to change their password every 90 days just leads to weaker passwords," she said. "Password policies should balance security and usability. Our research finds that you can achieve fairly strong and usable passwords by requiring 12 to 16 characters and 2 or 3 character classes from the 4 character classes possible (uppercase, lowercase, digit, symbol). The non-lowercase letters should be spread out in the middle of the password and not at the beginning or end."
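The composition rule Cranor describes can be written as a checker; this is an added example, not code from the article or from her research. The default thresholds (12 characters, 3 classes), the treatment of every non-alphanumeric character as a symbol, and the reading of "spread out" as "not one contiguous run" are assumptions, and the sample passwords are constructed.

```python
import string


def char_class(ch):
    """Map a character to one of the four classes named in the quote."""
    if ch in string.ascii_lowercase:
        return "lowercase"
    if ch in string.ascii_uppercase:
        return "uppercase"
    if ch in string.digits:
        return "digit"
    return "symbol"  # assumption: anything else counts as a symbol


def check_policy(password, min_length=12, min_classes=3):
    """Return a list of violations; an empty list means the password passes."""
    problems = []
    classes = [char_class(ch) for ch in password]
    if len(password) < min_length:
        problems.append("too_short")
    if len(set(classes)) < min_classes:
        problems.append("too_few_classes")
    # Positions of every character that is not a lowercase letter.
    special = [i for i, c in enumerate(classes) if c != "lowercase"]
    if special:
        # Non-lowercase characters should not open or close the password.
        if special[0] == 0 or special[-1] == len(password) - 1:
            problems.append("non_lowercase_at_edge")
        # Assumed reading of "spread out": not a single contiguous run.
        if len(special) > 1 and special[-1] - special[0] == len(special) - 1:
            problems.append("non_lowercase_clustered")
    return problems


# Constructed sample passwords, for illustration only.
SAMPLES = [
    "correcthorse",         # long enough, but one class
    "Sunflower2024!",       # common pattern: capital first, digits and symbol last
    "sunflower2024x",       # digits bunched together in one run
    "sun7flo#wer4gardens",  # digits and symbol spread through the middle
]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw!r}: {check_policy(pw) or 'ok'}")
```

The second sample shows why the placement rule matters: it satisfies the length and class requirements yet follows the predictable capital-first, digits-and-symbol-last pattern.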

Besides frequently changing passwords and encrypting them in managers, another solution is to combine multiple methods of authentication.

"Passwords reflect 'what we know' and biometrics reflects 'what we are,'" Prasant Mohapatra, a computer science professor at the University of California Davis, said. "The downside of passwords are: they are unsafe if chosen easy, and they are cumbersome if chosen complex. The downside of biometrics is that, once stolen, they cannot be replaced. So the future will rely on multifactor authentication, which will involve a combination of both what we know and who we are."

 --Written by Rebecca Borison in New York

 
