Several new, hi-tech or even sci-fi stealthy alternatives to the traditional typing in of passwords have surfaced recently:
- fingerprint recognition: actually quite old stuff, and the hardware requirements are very demanding if reliability and tight security are at stake. Can be easily defeated by using an authentic fingerprint of a real pass holder. Or his or her finger, as the last resort;
- the retina of the eye can be just as unique as an individual’s fingerprint. However, it’s also beatable if the intruder gets a good hi-res photograph of the retina of an authenticated individual. Or just his eye, in an emergency;
- face recognition as a password. The recent debacle with an ICS phone rejecting Andy Rubin’s mug at that groundbreaking ICS presentation tells us it’s still a joke for consumer-grade devices. Can be defeated by photographs any day, or by the individual in question heavily sedated next to you;
- finger gestures on a touch screen. On legacy devices, as when signing off on a purchase or a receipt, it’s similar to a digital signature. But this time, in Windows 8, it’s more fun, even if the Microsoft Developers’ blog puts a lot of serious calculations and figures behind it.
On the last one, however, Kenneth Weiss, the inventor of RSA’s SecurID token, doesn’t seem to think that this is “serious security”.
His argument is that those viewing from afar will be able to discern and even videotape the user making their gestures, thus figuring out the correct “picture”.
Sure, it could be just one step or stage in tightening up the security of access to the device, and good old typing of a long quasi-random alphanumeric password might still be of much help. Just don’t forget about keyloggers and other password-stealing software swirling around you and your secure system.