Visualizing the End of Passwords

Proving identity is becoming much more difficult. Unfortunately, our systems become obsolete before we stop using them.

Consider signatures, for example. They're obsolete as a form of authentication, yet they persist. Signatures are based on the idea that few if any can reliably forge or replicate someone else's signature. Perhaps this was true when writing utensils were unique and a sizeable percentage of the population was illiterate. It's not true today, and signatures are practically worthless as a security measure.

Just don't tell that to car dealers or title companies. Particularly comical is that we personally authorize retail purchases by signing via digitizers. A digitized signature could be affixed to anything. Oddly, we do this for no apparent reason, as cashiers rarely can see or validate signatures anyway.

MasterCard is the first major credit card company to admit the signature has outlived its purpose. It intends to drop signatures completely.

Right there with the signature is the Social Security number (SSN) in the U.S. In my younger years, the SSN was frequently used to determine identity. I thought those days were gone, but the recent Equifax breach revealed that the finance and credit sectors still use the SSN as a protective "barrier."

Signatures and SSNs are obsolete and slowly disappearing with regards to identity. Passwords, too, are obsolete, but they're just beginning their decline as a security tool. Companies heavily rely on passwords to establish identity on computer systems even though they're frequently hacked and stolen. With a user ID and password, anyone can be someone else. A better method to establish identity involves tokens that aren't so easily shared, stolen, or borrowed.

A New Look for System Security

Biometrics directly represent a person by one or more distinguishing characteristics. Fingerprints and facial characteristics are becoming the most-used biometrics for security; others include the iris, DNA, speech, and gait.

Facial recognition has the power to radically change the way we approach identity, identification, and security. Delta and JetBlue are experimenting with biometrics in lieu of boarding passes to speed boarding. Facial recognition technology has the potential to replace time clocks, driver's licenses, and purchased tickets.

Facial recognition can often be performed without the owner's consent or permission. In addition to verification, it can continuously authenticate. For example, the webcam that unlocked my PC can also verify that I'm typing this post. Opus Research predicts that continuous authentication will become a top trend in 2018.

Just walking into a store, business... or even country can result from a positive identification. Some facilities, even cities, use facial recognition to track people. Facial recognition can be used on its own or in conjunction with other biometrics such as speech recognition or with other identifiers such as a smartphone signal or employee badge.

Enterprise Communications at the Ready

Biometrics eventually will replace the passwords heavily used today to secure enterprise communications. Here are a few examples of emerging solutions by some selected enterprise comms vendors.

Avaya struck a partnership with Elsys, a company it met at the Sochi 2014 Winter Olympics, for use of its VibraImage technology. This technology gauges emotional states by analyzing video feeds in near real time for indications of agitation that may reveal criminal intent. It's available as a part of Avaya's hospitality solutions for hotel security.

Cisco has demonstrated facial recognition and voice recognition capabilities as components of its authentication approach within Spark. Spark rooms also detect the Spark app on a user's smartphone for additional authentication.

Microsoft's Windows Hello already unlocks Windows 10 desktops with facial recognition instead of a password. The technology makes use of 3D imaging with infrared-equipped cameras. Microsoft also offers facial recognition technologies to other applications. In 2016, Uber introduced real-time ID that matches a new selfie with the database image to authenticate a driver before accepting ride requests.

NEC NeoFace is a facial recognition heavyweight used extensively by governments around the world. The software provides very fast and scalable facial recognition and video analytics. NEC has coupled NeoFace with its UC solutions in hospitality, and is trialing a facial recognition unlock feature on a desktop phone. Hotels are using the software to assist staff with monitoring crowds and lines, identify suspicious behaviors, and identify guests. The technology has a wide variety of uses cases. CaliBurger, a hamburger restaurant, is using NEC NeoFace to simplify ordering, as shown in the video below.

Introducing "FACE" the AI Kiosk from WINTERSTONE on Vimeo.

Both Google and Amazon are developing stronger speech analytics that can identify the speaker. The solutions are expanding from understanding what we're saying to understanding who's speaking. This is particularly important for common-area devices. (For more on speech technologies, check out the Innovation Showcase at this year's Enterprise Connect event, coming March 12 to 15, in Orlando, Fla.)

Beyond Biometrics

Biometrics is coming, but it's not the final solution. Near term, companies will combine biometrics with other factors. MasterCard's previously launched "selfie app," for example, validates a user's identity by combining facial recognition with several other forms of validation including location and being able to unlock the smartphone . We're going to be getting more creative in various forms of multi-factor (or more) authorization.

Every new solution introduces new problems. Stolen passwords, credit cards, and other abstractions can be reset or replaced, but stolen fingerprints are an entirely different matter. There's not too much demand today for stolen biometrics, but this data has a long shelf life, and innovations aren't slowing. There are known cases of planted or fabricated DNA evidence in crimes.

The technology after biometrics will push us into some tricky philosophical and ethical identity questions. What's a person? Blood transfusions and organ transplants are possible today; tomorrow we may be able to transfer memories and possibly even replicate DNA. In genetics, CRISPR/Cas9 technology allows DNA editing in vitro today soon will enable that capability within living humans. How will authentication work if two people have identical looks and identical DNA?

Learn more about Speech Technologies at Enterprise Connect 2018, March 12 to 15, in Orlando, Fla. Register now using the code NOJITTER to save an additional $200 off the Advance Rate or get a free Expo Plus pass.

Dave Michels is a contributing editor and analyst at TalkingPointz.

Follow Dave Michels on Twitter!
@DaveMichels