The Web needs a new password — as in an entirely new system for securing information.
The Yahoo password fiasco is merely the latest in a series of incidents involving nearly all of the most trusted names on the Internet. Companies such as Twitter, LinkedIn, Google and Facebook have all been hacked at some point. There are probably many more instances we don’t even know about. Chances are, last week, you received urgent messages from numerous other sites that depend on these core Web companies for user authentication, reminding you to update your passwords.
If you think about it, the current Internet password system, where the best security relies on memorizing dozens of long and at times non-sensical series of numbers, letter and symbols, is antiquated. No wonder the most common password to surface in Yahoo’s latest breach is 123456, at least according to a program created by CNET’s Declan McCullagh . Think about it, how different are passwords today from the days of Shakespeare, when the night watchmen in “Hamlet” traded matching codes in order to identify fellow members of the night watch?
No wonder many have been predicting the death of the Internet password. In fact, at the end of 2011, IBM made “the death of the password” one of its five major tech trends to follow in 2012. As IBM Fellow David Nahamoo explained, the Internet password is about to be replaced by biometrics:
Over the next five years, your unique biological identity and biometric data — facial definitions, iris scans, voice files, even your DNA — will become the key to safeguarding your personal identity and information and replace the current user ID and password system.
We’re only mid-way through the year, and this looks like one technology prediction prognosis that’s going to come true sooner rather than later.
As Chris Wilson noted in a New York Times feature on life-changing innovations, it just makes more sense when your body is your login. It may sound a bit like science fiction, but “iris scans” and DNA-based IDs are just more secure than a string of easily hacked numbers and symbols. Computers have become so powerful that even randomly generating a bunch of six-digit passwords (especially, ahem, passwords like “123456”) is a piece of cake for a determined hacker. However, the only problem with biometrics — as some have wryly pointed out — is that once somebody has hacked your body, how exactly are you going to change your password? Get a new retina?
Even beyond biometrics, there are other candidates for replacing the common Internet password. Google, for example, has debuted facial recognition technology for unlocking Android phones. Now that the Internet password has been hacked to death, it’s time to get serious about replacing the basic system of identification, including e-mail addresses and six-digit passwords, with something a bit more secure. Even staring into a smartphone camera for a quick facial recognition check doesn’t sound so bad these days. Some banks, for example, already require users to use their pin code along with voice authentication techniques. Whichever biometric technique ultimately becomes the industry standard, the next big wave of innovation may not be in creating something altogether new on the Internet, but in protecting what we’ve already created.
Dominic Basulto is a digital thinker at Bond Strategy and Influence (formerly called Electric Artists) in New York. Prior to Bond Strategy and Influence, he was the editor of Fortune’s Business Innovation Insider and a founding member of Corante.com, one of the Web’s first blog media companies. He also shares his thoughts on innovation on the Big Think Endless Innovation blog and is working on a new book on innovation called “Endless Innovation, Most Beautifuland Most Wonderful.”
Read more news and ideas on Innovations: