Blog article
See all stories »

Forget the 'Forgot Password?'

When was the last time you clicked “Forgot Password” to recover the password for a dormant account on some mail server, blog, social networking site etc.? I think the days are not far when you won’t even get a chance to see “Forgot Password” on most of the websites. The advancement made with the use of technology in the field of authentication is going to change the world as we see it today. That’s the reason why I am trying to analyse the options which will be available to people in near future for authentication.

Bionym Nymi: The Bracelet that uses your heart rate to confirm your identity

The website of Biony Nymi states “The Nymi lets you use the unique cardiac rhythm to authenticate your identity and allowing you to wirelessly take control of your computer, smartphone, cars and much more.

As you wake up know that wherever you go the Nymi will be interacting with your devices, creating a smart, password and key-free environment. The Nymi will also have customizable notifications. If you’re the kind of person who likes to be connected to their emails, texts and social updates, you’ll never be behind with the Nymi”

Certainly the concept to live in a password free world seems to be sci-fi at this moment, but it’s the early adopters and speed to market for this kind of authentication devices that is going to make a difference. Canadian firm Bionym has already funding of $14 Million and its website is up for pre orders for first 10,000 devices.

 

Sonavation AXISKEY™ personal biometric authentication

Sonavation is on a mission to eliminate passwords and perfect personal authentication with the world's first and only patented biometric ultrasonic sensor technologies integrated into a military-grade identity-as-a-service (IAAS) encryption methodology. With breakthroughs like the world's thinnest and most flexible fingerprint sensor and the world's smallest hybrid ultrasound imaging ASIC, Sonavation has been awarded 34 patents plus more than 70 provisional patents pending. Sonavation is partnering with OEMs and ODMs to integrate with future access control systems, mobile phones, smart cards, and a host of other systems and devices to empower absolute authentication, curtail identity theft, and deliver application data security across a variety of applications and use cases.

Though Sonavation introduced the technology earlier (Jan, 2014) than Bionym, the only challenge that I see is that it’s not a wearable band. Thus, it will add one more item to your daily kitty of goods that you carry around.

Fujistu Palmsecure

PalmSecure is a biometric authentication device that provides the highest level of security using palm vein authentication technology. It’s difficult to forge the palm vein data because it is inside the body.

Palmsecure has already got its first corporate customers, namely Robocoin( Bitcoin ATM Manufacturer) and Biyo Digital Wallet(formerly PulseWallet).

 

It’s pretty clear that these innovations will usher a new era without passwords and PINS. It’s only the time factor which will make consumers adopt the technologies of future. Most of the financial institutes are embracing the upcoming technologies to deliver hassleless and secure services to its customers. But, it’s not only the financial industry that’s going to be impacted by these devices.

Consider a world where you need not to enter password to check your e-mails; no identity cards to wear before entering your work-place; your phone locks/unlock itself when you provide the secure authentication. The technology has taken the imagination to new heights and we are yet to see that which of the above solutions wins the race in technology adoption by the mass consumers.

Upcoming Authentication Technologies
2589

Comments: (5)

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 28 September, 2014, 14:451 like 1 like

Maybe I’m suffering from a time warp but I've been living in this world for a long time: 

  1. Outlook, BlackBerry, Android Mail and other apps that have been around for ages don’t need users to enter a password every time they check their email.
  2. Fingerprint-scanner equipped smartphones that can unlock themselves without passwords have been around for a while now.
  3. Employees have been tapping their chip-embedded ID cards on RFID readers to enter their offices for over 10 years. They’ve also been using physical ID cards to prove their identity with third parties e.g. merchants who offer discounts for employees of certain companies (but not others). It’s technically possible for an NFC-equipped smartphone to replace cards but how would that support the current multipurpose nature of physical cards?
Paramdeep Singh
Paramdeep Singh - HCL Tech - Chennai 29 September, 2014, 12:37Be the first to give this comment the thumbs up 0 likes

Agree with your point Ketharaman. 

What I am trying to contend here that if the world adopts one technology which is highly secure and linked to biometrics/something unique to the person, then there's high probability that the world we see might change significantly.

Only fingerprints as a biometric identity is not secure enough. So, the advent of ECG and palm vein scanners opens for us a new area where compromising with security will be difficult.

 

Just wonder, only one device used as an identity to enter your office, unlock your car, log in to your e-mails and so on. Passwords will be a part of history then.

 

A Finextra member
A Finextra member 29 September, 2014, 14:18Be the first to give this comment the thumbs up 0 likes

Good authentication already exists.  For example, Google Account has relatively simple 2-factor authentication that works.  Biometrics suppliers, in their enthusiasm, talk about offering the user a significant improvement in speed, conveniance and effectiveness.  The promise of all of these methods is that they will eliminate passwords and PINs and make life frictionless.

But isn't the real benefit of better authentication in it's actual application?  If merchants, web site owners and service providers the world over can't be bothered to implement better authentication now, why are they going to do so in the future?  The real benefits must be delivered be to those participants not just the users.  Namely, quick and easy integration, fast authentication, and all at a low, low price!

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 29 September, 2014, 15:58Be the first to give this comment the thumbs up 0 likes

@ParamdeepS:

If I had a penny for everytime I read "passwords will be history", I'd be a three-time millionaire - with the first and second million coming from "cash will be history" and "plastic (credit cards) will be history" respectively!

Jokes apart, using only one device for accessing everything sounds ideal but it's neither desirable nor practical. Not desirable because it goes against the basic principle of security, which dictates that things with different degree of sensitivity must be secured by access control mechanisms of different strengths. Not practical because, even if we somehow hand out such devices to everyone, the cost of installing readers everywhere to read those devices is simply too prohibitive. I was alluding to this in my comment about NFC-smartphone-employee-ID not fulfilling all purposes to which physical cards are put to today. Similarly, while Aadhar cards may be issued to >500M Indians, I haven't come across a single Aadhar card reader that can scan fingerprints to authenticate an Aadhar card holder.    

I'm intrigued when you say fingerprint is "not secure enough". If that's the fate of the outcome of decades of work, there's little hope for newfangled - and somewhat harebrained  - biometric 'factors' like EKG / hearbeat (http://www.finextra.com/community/members/PreviewDComment.aspx?dc_id=12081).

Brian Douglas
Brian Douglas - Freelance - Madrid 30 September, 2014, 09:40Be the first to give this comment the thumbs up 0 likes

Without having to go to the expense of resorting to biometrics there is a highly secure 2 factor authentication from a London based start-up that does away completely with username and password instead relying on a simple 4 digit PIN, launched either from a browser (HTML5) or from a mobile app (though for a bank this can be embedded into their own app and launched on opening). Authentication is performed between the Client and the Authentication Server using the app Protocol, a zero knowledge proof construct. The result is that the server has just one leakproof cryptographic key, which if compromised or stolen reveals nothing about users in an enterprise or your web application. 

In addition, the software operates on a principle of distributed trust, whereby the root key generators are split between the proprietor´s servers and those belonging to the client, meaning that any attack would have to compromise both of these systems to have any chance of being successful. 

Apart from the ease of use and deployment as well as the added security, another major point of interest is that its use can reduce authentication costs by up to 93%! Security does not have to be expensive.