There’s a low risk for load shedding on Thursday, according to Eskom, despite the rise in unplanned outages and unavailable capacity. In an update…
Jonathan Leblanc, Head of Global Developer Advocacy at PayPal and Braintree, says that biometric security systems like fingerprint and eyeball scans are a thing of the past. According to Leblanc embeddable, ingestible, and injectible technology is the future of security and will enable us to safely keep our login information within the confines of own body.
Now before we delve into Leblanc’s somewhat bizarre answer to the future of security, let us first see what the problems are with the current standards of password protection technology.
The password problem
The most standard and widely used method of online security is the “username and password”. Here one of the biggest problems we face is simply one of human nature. “Humans will always be the weakest link because the vast majority will always choose the path of least resistance over the one that provides the most security,” says Leblanc.
In his presentation “Kill all Passwords” Leblanc addresses the flaws within our current models of security and poses some rather unique ideas to mend them.
Over 90% of online users have passwords that fall in the “Top 1000 Used Passwords”. These passwords also aren’t exactly the most creative with “123456” and “password” taking the top spots.
But this isn’t necessarily surprising. In our modern age a large number of us have multiple password protected online accounts. So not only do we end up choosing a password that is easy to remember but we usually also use the same password for all our accounts.
Another flaw is that most, if not all, our accounts are linked to our email account. This means if a hacker can access your email account it basically gains access to all your other accounts by simply resetting your password using the “Forgot your password?” feature.
“We got to this point because we expected people to pick a convoluted series of mulit-case characters, numbers, and symbols that means nothing to them in order to secure their accounts.” Leblanc explains.
He says that one can further strengthen your security by introducing an additional biometric log-in that tells a system who you are. But he considers authentication methods like eyeball recognition and fingerprint scans “antiquated” and says there is also the problem of “false-positives” (invalid users identified as valid) and false-negatives (valid users being identified as invalid).
He goes on to say that these forms of identification will become obsolete even before any companies start looking to implement them.
Now let us take a look at what Leblanc envisions for the future of security.
Be the password
Leblanc has ambitious ideas to solve our current problems within online security but also says that this evolution should happen gradually.
“The work being done within the realms of biometrics through wearables, embeddables, injectibles and ingestibles, has a lot of promise. Realistically, it’s going to be the wearable devices and computers that maintain short term advances, as anything in the embeddable realm is not really seen as culturally acceptable by most of the population.” says Leblanc.
One of the more acceptable suggestions he has made is “vein recognition”. He explains that this measures vein uniqueness through blood flow and offers a much higher level of security than eyeball and fingerprint identification. Another one is wearable bands that recognise a person’s heartbeat.
Then he slightly starts to lean more in the sci-fi direction.
He talks of thin silicone computer chips with ECG (electrocardiography) sensors that can be embedded under your skin, which will identify people through their heart’s unique electrical activity. Then he speaks of an ingestible device that will be powered by your stomach and recognize you through your glucose levels.
As strange as some of this may sound, there are currently several companies researching the potential of these possibilities. They derive a lot of their conclusions with 24-hour hackathons, where developers are faced with complex technological problems and have to solve them within one day.
Although PayPal is collaborating with some of these companies, it emphasized (in a response to an interview that Leblanc had with IBTimes UK, that it is not directly working on any projects concerning technologies that are physically invasive.
“We have no plans to develop injectable or edible verification systems. It’s clear that passwords as we know them will evolve and we aim to be at the forefront of those developments.”
It seems the future of these technologies and their realisation is still uncertain but it is clear that there is a growing concern and that very soon we might start to see the first rays of these advancements shine into the public eye.