Passwords to become fossils by 2017?

Summary: IBM's predictions for the next five years -- fossilized passwords and biometric scanning for all.


IBM recently released its annual five predictions for five years into the future -- among them, the belief that passwords will become redundant.

Generation Y, rejoice! No longer will you struggle with attempting to remember the password for your Facebook account, Twitter, Gmail, games networks -- the list goes on. We've all had those moments, cursing under our breath, when after three attempts you are locked out just as you remember the actual word and number combination. Or even worse, forced to fill out mud-smear captchas until your eyes start to swim.

According to IBM, future generations won't need to suffer this kind of hardship.

Not much has changed in the last five years. When it comes to computer security, most of us still rely on passwords and username log-in systems to protect our private data and access our accounts. Some companies, for example EyeNet Watch, offer fingerprint recognition software. However, this kind of technology is rarely used by the general public.

IMB is developing technology that views facial definitions, eye scans, voice files and even DNA as personal safeguards to a far more extreme extent than now.

The company wants to replace words and numbers with security based on your biological makeup, and create unique DNA based profiles that will serve as your 'password' for a variety of tasks. These could include going to an ATM, logging in to your computer, and perhaps going as far as signing in to individual online services like Facebook or Twitter.

By using personal data that is far more difficult to forge than simply guessing or learning a password, IBM believes this type of security will be far more appealing than the memory-based approach currently employed.

That is, if people want it. Personally, I'm not keen on the idea of more DNA profiles, even for security measures. It smacks of the U.K. government's failure to introduce biometric I.D. cards. A question we probably don't ask ourselves enough is: how much personal information are we comfortable for organisations to hold on us?

We are yet to see whether this kind of technology, which is likely to be far more expensive to produce, will make its way into the general public market -- or whether it will remain firmly in the grip of security companies and elitist technology.

  • Presumably hardware will be required?

    Whereas our user profile could conceivably be cloud-stored, there's still the problem of proving that we are who we say we are. We're being told that Desktop computing will decline in favour of smartphones and tablets. Therefore, we're going to have to do something like shine the phone's camera into our eye to get a retina scan. But how can the security system ensure that this is actually what the user is doing? There may be some way of faking it (as there has been with fingerprints).
    Call me sceptical, but for this to happen within 5 years - IBM have got to be kidding! There isn't even a convincing case to say it's any improvement over passwords.
  • RE: Passwords to become fossils by 2017?

    I'm not sure any generation would rejoice over the loss of personal privacy that would result from biometric-only logins.
    • Exactly

      biometric info goes to hacker's hand, and IBM call it safe?
  • RE: Passwords to become fossils by 2017?

    Biometric data should only be used, locally, in combination with a PIN/pass phrase to access a private key. The same public key can then be used for access to all systems/applications.
    • Passwords to become fossils

      A PIN or pass phrase is the same as a password. So we are back to where we are.

      Also, DNA??? So next time I lose a hair, it is a tool for a hacker to hack into my accounts.
  • RE: Passwords to become fossils by 2017?

    both Farcebook AND Twatter to still be around in five years. Now that IS a big prediction!
    jan bLinQue
  • I don't think this will fly

    If your password gets compromised, you can change it. If your biometric identity gets compromised, you're screwed for life.
    Biometric software requires specialized hardware, and as long as this isn't the standard, it's almost impossible to roll out successfully.
    What we need is a global authentication system that works with certificates. Getting everyone to adopt one standard is the reason why security is so fragmented, and broken.
    General C#
    • RE: Passwords to become fossils by 2017?

      @General C#
      Well said, "bio identity becomes compromised, screwed for life." LMAO....
      I have a better one though, they're not shooting some damn laser beam into my eye.
  • RE: Passwords to become fossils by 2017?

    Just about anybody can take your high resolution photograph and recreate your digital signature and voila, your identity is compromised. Even your iris/retina can be resolved by a high resolution camera from a distance; what is there to mitigate this kind of intrusion? Are they going to arrest everybody toting a camera just because? At least username/password can be hidden. My 10 cents...
  • Possible threats?

    How much are we looking forward to the day when ruthless robbers start to hack off people's fingers to go with their credit-cards?
  • RE: Passwords to become fossils by 2017?

    From what I've seen, a common login system is far more realistic. Maybe even an ID card.

    Biometric has too many issues - if somebody's biometric profile is compromised, it would be impossible to recover from. The fastest growing crime is ID theft, and being able to get a new ID after a compromise is vital to any identity system. Not to mention the privacy issues.
  • Please actually understand biometrics before writing it off

    Every time biometrics is proposed as a solution to a problem, a steady stream of objectors emerge claiming that because biometrics cannot be revoked or reissued, you're screwed if a bad guy gets your biometric data from a database. They project that biometric data would be the target of hackers, and that once they have it, they can simply pass off the data for a person to become them. This misunderstanding pervades many discussions, and has led to a panicked response whenever a biometric authentication is proposed. Reality is, this is not how biometrics works.

    Biometrics is not like passwords, which have to be kept secret, and once known, are useful to any imposter to assume your identity. Inherent to a biometric system is the understanding that the credential is *you* (your finger, your face, your voice), not the enrollment data - a measurement artifact - that a system may store after having measured you, for comparison against a future similar measurement at authentication time. The necessary design presumption in biometric systems is that you are in public view, so anyone - good or bad - could measure you and extract that same artifact of your biometric data - without having to hack any database. Well-designed biometric systems mitigate this threat by ensuring you are being newly measured at the time of authentication, and secure against an imposter submitting someone's enrollment data they captured via whatever means.

    Said another way, the critical concept missed by those who believe that biometric data would be targeted by hackers, and cannot be reissued if compromised, is that simply possessing the biometric data doesn't allow someone to present that data to another biometrically protected system and say, "here's the biometric data that says who I am." Each biometric system, properly implemented, provides a high level of assurance that a new biometric measurement is being taken from a real person, and securely submitted to be compared with the enrollment sample.

    Usually, this is where a naysayer would say "AH! I saw where a fingerprint system was spoofed by a fake finger, allowing someone with the victim's fingerprint to gain access to..." While it is true that early fingerprint readers did not place a priority on assuring a live finger is on the reader, the exposure of this issue 6+ years ago has driven the manufacturers to significantly enhance the security of the scanning process, from liveness detection to encrypting the data in transmission from the scanner. Today's state-of-the-art fingerprint scanners have never been spoofed, and the technology continues to be advanced to make that even harder in the future. Costs also continue to decline, making their use in mobile devices for simple strong authentication a natural fit.

    Judging biometrics technology based on a fundamental misunderstanding of how these systems work, or based on the status quo of technology years ago is akin to saying that you won't use a cell phone because you heard they could be cloned. Modern phones have eliminated that threat by using digital, secure communication technology, in response to that threat, and so have the biometric manufacturers.

    So, no more than someone seeing and recognizing your face as you walk down the street, or even taking a picture of you, would allow them to become you for identity purposes, biometric systems presume that the credential - you - is semi-public, and are designed to ensure that you, not just your biometric data, are present at an authentication transaction.
    • RE: Passwords to become fossils by 2017?

      @SecurityThroughObscurity
      Blah, blah, blah....
  • Typo: It's IBM, not 1MB

    Heh - this is a typo I make all the time; IMB for IBM. Dates from IBM's "let's put the ROM at 640k in the memory map and extend the address bus to 1M, that should be enough forever" original PC design.
  • RE: Passwords to become fossils by 2017?

    Password-based security schemes have one advantage biometrics will never, by their very nature, be able to match: given the proper precautions, they allow for anonymity. This is a feature, not a bug. As long as there are people who need to communicate without being identified there will be a need for non-biometric ID schemes.
  • An ATM Machine?

    That would be an Automatic Teller Machine Machine.

    How stupid is that?