Around half of consumers would "choose anything but a traditional username and password account registration when given the option", according to identity management firm Gigya.
But would they choose these truly bizarre password alternatives that have been proposed over the years, and would your business be safer switching to them?1. Biometric Buttocks
Picture by Holgar Ellgaard
What is it?
It was, according to Professor Shigeomi Koshimizu and his team at the Advanced Institute of Industrial Technology in Tokyo, a chair that could identify whoever was sitting in it and enable a kind of sit down to log in authentication system.
How does it work?
The chair itself was fitted with 360 degree sensors that profiled the users, erm, buttocks (via Phys). Measurements including such things as your contours of your buttocks, their weight and the pressure patterns you exert as you sit down were captured in order to identify the user. If all the metrics matched the user profile, then authentication was completed. The professor claimed a 98 percent success under lab conditions.
Would it make your business more secure?
Originally intended as an anti-theft device for motor vehicles, the bum biometrics idea would surely be doomed to fail in an office environment. For one thing, if it got the login wrong twice out of every ten attempts that would soon get old. Then there's the problem of gaining a bit of weight, which would see you locked out of the network, and the resulting embarrassing tech support call. Not to mention requiring staff to allow you to measure their backsides and store the data being more than a little problematic in practice.
2. SkullConduct
What is it?
Created by researchers from the Human-Computer Interaction Group at the University of Stuttgart and the Perceptual User Interfaces Group at the Max Plank Institute for Informatics, SkullConduct is "biometric user identification using bone conduction through the skull." Literally a login system that demands you use your head to remain secure.
How does it work?
Apparently SkullConduct uses changes made to a sound wave once it has passed through bone, in this case the skull, to identify an individual user with a 97 per cent success rate under lab conditions. Why the skull? For a start every skull is sufficiently unique to enable identification, and it also lends itself to the sensors coming in the form of specially modified Google Glass devices.
Would it make your business more secure?
We can't see this working in an office environment for two reasons. Firstly, the 97 per cent success rate was under lab conditions where the environment was free of external noise. Even 97 per cent is way too low to be usable, and if normal office noise levels drop it further then it's a massive fail. Secondly, who wants to wear Google Glasses at work?3. The e-Nose
Crim-Track is a project to create a portable "sniffer"
What is it?
Everyone smells, and more to the point everyone has a different smell. Yes, we are talking body odour, and some scientists are talking about using body odour as a biometric.
How does it work?
Researchers from the Universidad Politcnica de Madrid (UPM) and a Spanish start-up called SEADM have been working on identification by smell (via Technologist). These e-Nose technologies all work in pretty much the same way; building a chemical profile of the target user and matching future scans against that. That profile, and the future scanning, is done in slightly different ways though. So while the US military via a DARPA project requires a swab from your armpit (yuck) to produce the molecular profile, the Spanish folk just need to sniff your hand. OK, they need you to put your hand in a glass jar and the machine sniffs out the chemical profile.
Would it make your business more secure?
Unfortunately, the e-Nose had failure rate of 15 percent last time we heard about it, which is far too unreliable for a business critical environment.4. Behavioural Metrics
What is it?
The military research boffins at DARPA (via Behavio Sec) have been working on something called the Active Authentication program for some years, and it essentially promises to identify an individual by measuring what they do and how they do it. In other words, using human secrets as an authentication method.
How does it work?
Rather than scan your fingerprint or eyeball, DARPA is talking about a process of continuously monitoring how you move a mouse or type on a keyboard. Everything from speed to pressure, eye movements and your overall interaction with the computer (or mobile device) are measured; including your browsing behaviour.
Other researchers are looking at similar behavioural monitoring, for smartphone touchscreen interaction, for example. These behavioural metrics wouldn't actually replace the password, or whatever login authentication method is in use, but rather ensure that whoever continues to use the device is the authorised person and not someone else.
Would it make your business more secure?
Yes, it almost certainly would given that it extends user authentication into a continuous process. The problem, however, comes with the Big Brother implications of continuous monitoring alongside practical concerns such as changes caused by injury, health matters (like failing eyesight) or even the use of a new mouse or keyboard.5. Gait Recognition
What is it?
This is how Aerosmith might choose to login, as it is based around a 'walk this way' concept. Your identity can be tied down to the way you walk, according to Japanese researchers from the Shinshu University (via the Royal Society).
How does it work?
The way that you walk is a unique identifier, it turns out. Computers are pretty good at recognising known gait patterns, so it was just a small step (pardon the pun) to incorporate this into authentication technology. What these researchers did was find that your dynamic foot pressure pattern, an indirect method of reflecting the acceleration of all body parts, is also unique. The user walks across a pressure sensitive surface, and 3D image processing captures the gait. Combining the two data sets and doing some clever processing enables a 99.6 percent success rate.
Would it make your business more secure?
It could do, from the authenticated access to a building perspective, but we can't see how this kind of technology would be transferable to network logins and the like. Plus, what happens if you sprain your ankle or turn up wearing unfeasibly high heels to work?
-
I love magic links – why aren’t more services using them?Opinion Using magic links instead of passwords is safe and easy but they’re still infuriatingly underused by businesses
-
Password management startup Passbolt secures $8 million to shake up credential securityNews Password management startup Passbolt has secured $8 million in funding as part of a Series A investment round.
-
LastPass breach comes back to haunt users as hackers steal $12 million in cryptocurrencyNews The hackers behind the LastPass breach are on a rampage two years after their initial attack
-
GitHub launches passkeys beta for passwordless authenticationNews Users can now opt-in to using passkeys, replacing their password and 2FA method
-
Microsoft SQL password-guessing attacks rising as hackers pivot from OneNote vectorsNews Database admins are advised to enforce better controls as attacks ending in ransomware are being observed
-
No, Microsoft SharePoint isn’t cracking users’ passwordsNews The discovery sparked concerns over potentially invasive antivirus scanning practices by Microsoft
-
Microsoft Authenticator mandates number matching to counter MFA fatigue attacksNews The added layer of complexity aims to keep social engineering at bay
-
As Google launches passwordless authentication for all, what are the business benefits of passkeys?News Google follows Apple in its latest shift to passwordless authentication, but what are the benefits?
