Your palm will be your next password

Your palm will be your next password

Summary: Intel has demonstrated new ways for devices to recognize individual users.

TOPICS: Intel, Security
intel palm technology biometrics password security

Passwords could become a thing of the past if technology giant Intel's new products makes its way to laptops and mobile devices, Reuters reports.

The traditional security method, even when linked to different verification methods, remains an exploit that cybercriminals can pursue. Connectivity online often means that users will keep to the same password, or similar variants -- and once one account is breached, that information can be used to tap into financial information, online payment systems, or sensitive work documents.

But if Intel's prototype "Client-Based Authentication Technology" is successful, biometrics may be the latest defense against cyberattacks.

Intel researcher Sridhar Iyendar demonstrated the technology at Intel's Developer Forum this week. Waving a hand in front of a "palm vein" detector on a computer, one of Iyendar's assistants was logged into Windows 7, was able to view his bank account, and then once he moved away the computer locked Windows and went into sleeping mode.

The biometric sensors used on the laptop detect the unique vein patterns on a palm, which is of course far more difficult to forge than a password made up of '12345' or 'qwerty'. Lyendar said:

"The problem with passwords -- we use too many of them, their rules are complex, and they differ for different websites. There is a way out of it, and biometrics is an option."

The researcher said that once the device has recognized a user, that identity tag can be forwarded to any number of accounts securely; from banks to social networks, email or business networks. This would mean individual websites would no longer need to support password networks if the tech becomes widespread.

The palm-reading technology needs new software and sensors to be build into consumer laptops, but there's no need for a new kind of chip -- so biometrics may be on the shelves sooner than you think.

Biometrics may not be to everyone's taste, and the technology still needs work -- as airport officials in the UK found to their chagrin. Iris scanners were bought in to airports, costing £9 million, but were already out of date by the time the machines were installed. In addition, the tech was found to be less accurate than governments believed it would be.

However, new methods of security have to be found if account breaches and networks are not going to remain the playground of hackers. There's a reason why so many passwords include easy to remember number codes or word sequences, and the same password is used across multiple accounts -- the general public need an easy way to secure their data. Asking people to remember multiple patterns rarely works. Whether we like it or not, a swipe of the hand may be the answer.

 Image credit: Jane Rahman

Topics: Intel, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Single-Factor Authentication Is Backward, Not Forward-Looking

    Remember what Bruce Schneier said: there are three ways to authenticate yourself, based on something you have (e.g. a card or key), something you know (i.e.. a password), and something you are (i.e. biometrics). The minimum considered to offer decent security these days is to use two factors, not one.
  • You know what's really distasteful about biometrics?

    Cyber security is a highly technical yet essentially transparent business. There are no secret algorithms anymore; the emphasis is on standards, independent testing, robustness, and falsification. Teams of academics and government labs worldwide constantly stress test the best cryptography, and periodically the industry has to change algorithms, as with DES, MD5, and SHA-1 in the past 10 years or so. The core truism in security: There is no such thing as perfect security.
    But biometrics is different. No commercial biometric is able to be cancelled and reissued in the event of compromise. There is no disaster recover plan for biometrics. In recent years we've seen several major modalities succumb to reverse engineering, where an attacker can take a template and synthesize an image that will be detected by the target system as a match. Fingerprint, face and most recently iris algorithms have been reverse engineered. The biometrics industry's response ranged from dumb silence to flat denial that this sort of thing matters much at all. But the reality is, despite the hype, that no serious biometric is deployed in unattended settings, or as a single factor.
    To seriously evaluate the new palm vein scanning laptop, we need more details:
    - What is the False Accept and False Reject performance? How do they interrelate? That is, what does the Detection Error Tradeoff curve look like?
    - What is the test protocol?
    - Has testing been done under Zero Effort Imposter conditions? Or does it really indicate resistance to real world attack?

    Unlike mainstream security practitioners, biometrics vendors tend to be secretive. There is still no real standardisation of biometrics test methods or specifications. And no vendor I know of will reveal their DET curves.
    • Agree

      Single-factor authentication has passed its use-by date, but single factor biometric authentication is particularly stupid.
  • Intel has no real security expertise

    So they come out with geekyish and utterly impractical rubbish like this. And as others have pointed out, this is just basically single-factor authentication.
  • Nice try but its not that secure.

    If your laptop can recognize the vein pattern of your palm. Another device can copy and replicate it.

    A simple password that is memorized is still the most effective security and will remain so until your thoughts can be read by man or machine. Once you write a password down it is no longer secure. Keep the password simply and memorized, especially if you input it incorrectly three times and then you are locked out until reset.

    Even a DNA scan could be copied and used. Remember the KISS principle - Keep It Simple Stupid. Complexity will destroy you every time.