A World Without Passwords?

How many times a day do you use a password? It’s probably more than you think. Did you read an email, check your social media, watch something on Netflix, or use money your parents got out of the ATM? Each of those used a password. With so many passwords out there, and more coming every day, it must seem like the world is more secure than ever. Actually, thanks to hackers, the opposite is true.

Are we going to get stuck in a future using more and more passwords just to get less and less secure? Some scientists are looking at ways to avoid that. They are looking for ways to protect information in a way that would be impossible to hack. One way to do that would be with behavioral biometric authentication.

Biometrics may sound exotic, but you’ve probably seen them used by someone you know. Fingerprints and Face ID – those are biometrics. Rather than matching a password, software on the phone compares some part of your body – finger or face – to its record of that phone’s user. If there is a match, they get to use it.

biometrics-finals

Behavioral biometric authentication takes this idea one step further. Instead of using your fingerprint to unlock your phone, the phone can monitor how you interact with it. For example, how you hold the phone, how hard you tap the screen, and how you swipe, and scroll can all be used to determine if you are the phone’s rightful owner. In the same way, your email or social media accounts can track how long it takes you to read a page, how you move the mouse around the screen, and how quickly you type.

This kind of security makes breaking into your account much more difficult for hackers. Hackers can’t simply steal your behavior the same way that they can steal your passwords. Even if a hacker watched you move around a website, they would still have a hard time copying your motions accurately enough to avoid setting off alarms. Because of that, behavioral biometrics could allow the world to eventually get rid of passwords altogether – along with fingerprints and other types of logins. The only thing you would need to do to secure your phone or email is to use it just like you normally would.

However, behavioral biometrics does carry some problems of its own. After all, this type of security requires collecting a ton of information about how you behave on your phone and online. Understanding your behavior can be a very powerful tool for targeted advertising. Right now, there are almost no rules about how companies can collect information about your behavior, which means that you won’t have much say about whether your data is used for targeted advertising.

targeted advertising

Worse, even if hackers can’t get into your personal accounts, they can still wreak havoc. Hackers will likely figure out a way to break into databases of online behavior, which can be even more of a problem for future security than stolen passwords. While passwords can be changed after a break-in by hackers, your behavior is a personal characteristic that can’t easily be altered.

Despite these concerns, behavioral biometric authentication is already making its way into the world. Major banks are often the targets of hackers using stolen passwords – and they have been among the first to roll out behavioral biometric authentication to secure their websites and apps. The result is that banks can instantly flag online transactions that look suspicious based on the behavior of the person using the account. Behavioral biometric authentication hasn’t yet spread to social media platforms, online retailers, and physical devices like phones. But experts are watching closely to see whether this technology works for banks and whether it could improve security around the world.

Behavioral biometric authentication could fundamentally change the way that the world approaches online security. As this new technology spreads, the day may be coming when you can finally forget all of your passwords.

Glossary

Authentication – The process of determining whether you are the rightful owner of a device or account.

Behavioral biometrics – Tracking your behavior, such as how fast you type or how you navigate a website.

Biometrics – Measuring parts of the body, like your fingerprint or face.

Online accounts – Websites and platforms on the Internet that require a username and password, such as social media, email, banking, and online retailers.

Targeted advertising – A method of placing advertisements based on your age, gender, or behavior.

Copyright @smorescience. All rights reserved. Do not copy, cite, publish, or distribute this content without permission.


Join 20,000+ parents and educators
To get the FREE science digest in your inbox!

Author

  • Michael Graw, Ph.D.

    Michael Graw is a freelance journalist and photographer based in Bellingham, Washington. He holds a PhD in oceanography from Oregon State University. Michael is excited about making scientific research easier to understand and sharing the stories behind the science. When not writing, you can find him climbing, skiing, and trail running. Writing for Smore gives Michael an opportunity to share the most exciting new developments in science today with tomorrow's scientists.