If you’re like me, you love a movie with a good plot…one filled with unexpected twists and turns that keeps your attention, and sprinkle in a little bit of emotional baggage, then add a murder plot to the mix, and you’ve got the next Oscar-winning movie! Throughout this type of movie, each moment is carefully planned to ensure viewer engagement and interest stays piqued. The same is true in the mobile world, only the plot here revolves around the murder of the password by biometrics. (Weird, scary music can be heard in the background.)
The setting opens up in the 1960’s where people used mainframes housed in an entire room. These time-sharing computers required a user to enter their login name and password, telling the computer who was sitting at the terminal and which files to make available. Back then, stealing someone’s password was a practical joke. There was only one computer where you could use your credentials and not too much personal information was displayed.
Fast forward 50 years, and look what the right password can do: allow you to read emails, order products, hijack cloud-storage accounts, even delete every trace of someone’s digital life! And, all this and more can be done anywhere as long as there’s an internet connection.
Here enters the character, PayPal, who in 2010 decided to consult with their head of security, a fingerprint security entrepreneur and a renowned cryptographer to establish an easier way to log into PayPal. Two years later, the FIDO Alliance was launched, a group trying to wean companies off passwords for good; hence, the murderer takes center stage to kill the password.
According to the members of FIDO, if people log into their computers with fingerprint readers, sites could log them in automatically using the Zero-Knowledge Proof protocol that proves a successful identification has been made without giving away details. Therefore, a single device could authenticate someone to the entire web.
Take the iPhone 5s, for example. You always have a finger with you and in this day, you always have your phone, so logging in isn’t an issue. The combination of finger and phone makes security much harder to break, and it looks like there’s no room for a password credential.
This never-ending story came to a halt on April 11th with the arrival of Samsung’s new Galaxy S5, complete with a fingerprint reader, but this reader is special. It plugs directly into PayPal which connects the user to dozens of different payment systems. Instead of a password, all that’s needed is a fingerprint to carry the user through the entire web.
RIP password.