What will it take to move authentication from UI to GI?

Summary:Is turning humans into signal-emitting authentication devices possible or even desirable?

Solutions to the age-old authentication process (read; passwords) are flying fast and furious.

Web sites are making available two-factor authentication, most recently Twitter , with the promise of improved security. There are biometrics including voice, fingerprints, and facial recognition. There is geo-location based on smartphone mapping. There is talk of mouse tracking, keystroke patterns, gestures and your own heartbeat to serve as identifiers. There are devices you can carry in your pocket, wear on your wrist, your ankle or draped around your shoulders.

Wearable technology is staring you in the glassy-eyed face, literally, whether you like it or not.

In combination, these authentication tools become even more powerful, if not a bit more cumbersome to execute.

And therein lies the rub. With all the talk about upgrading from passwords, can these authentication tools become too powerful? Who's at the controls when authentication signals are read? How are you linked to your identity and in what ways can you be tracked, targeted and impersonated?

Where is the line if wonderful theories are to become useful technologies?

Last week, Motorola talked at the D11 conference about its cutting-edge authentication research. Temporary tattoos - high-tech patches already used in the medical field, that might support authentication. Also, the Google-owned company went all "outside-in" with its peek at the future of identity.

A pill, ingested once a day, that turns the user into their own authentication device, activating laptops, devices, and perhaps even the coffee pot, whenever and wherever they might go. You are your own UI.

No doubt the current state of the password could use something to cure its ills.

Regina Dugan, a senior VP at Motorola who showed off the future at D11 (video here), called the pill "your first super-power." The question is "yours" and "who else."

And while using the pill as an authentication device is merely a project to marvel at now,  application of the technology and issues like privacy will determine if it ever sees the pit of your stomach.

Can the pill's authentication be turned on and off? How do I prevent every reader from picking up my signal, an issue the government faced when it mandated RFID-chips for passports. The first solutions were to wrap the identity documents in a metal case. Talk about your tin-foil hats.

If the user is authenticating just by moving around, how does the user prevent being tracked as they are recognized by various sensors or log into various applications?

And foremost, how are these devices linked to the user. Are they doled out like contact lenses with your prescription (re: identity) printed on the side.

And what if these pills are lost or stolen. What is the revocation process, or the re-activation process, especially when the user discovers that their pills just fell down behind that old pile of floppy disks.

And what are the long-term health risks? In the 50s, fewer than 50% of people thought smoking caused lung cancer. In the 90s, people wondered if cell phones were giving them brain cancer. Are they? The arrival of digital phones has taken some of the steam from that debate.

Better and easier authentication is quickly becoming a mandate, but can it go too far? And if so, what are the ramifications? For one, passing a token and token retrieval could take on a whole new meaning.

Topics: Security, Networking, Privacy

About

John Fontana is a journalist focusing on access control, identity, privacy and security issues. Currently, he is the Identity Evangelist for strong authentication vendor Yubico, where he writes and edits a blog, as well as, directs several social media channels and represents Yubico at the FIDO Alliance. Prior to Yubico, John spent five y... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.