Let’s skip forward 20 years or so… remember the password? Remember the days when we had to remember different passwords for every account – and update them every three months? Ah… you think wistfully… the password. Why can’t we go back to the good old days of the password?
Today, you’ve got so many people breaking into bank accounts with stolen fingerprints that everyone’s wearing white gloves. And someone hacked into my Windows account by waving a photograph of me at the screen. They said that wouldn’t happen.
And then Alistair McGowan got arrested for accessing the bank accounts of the rich and famous through voice recognition. Of course, Alistair McGowan hasn’t been arrested, and we’ve only just started to welcome these technologies into our lives. And while passwords can be secure, they’re clearly only part of the whole security solution.
You can now get wristbands that measure your heartbeat – and your heartbeat rhythm is your password. If you’re unconvinced by that, try the latest Windows technology which allows you to sign in using your face. Biometrics is gradually trying to replace the password – so that you never have to remember anything, you just have to be yourself in order to access the things you want to access.
And yet, that produces a whole host of other potential problems we haven’t even yet considered. Fingerprints can be stolen. Heartbeats can be irregular. Faces can be made on 3D printers… nothing is ever 100% secure, as most financial institutions will tell you… but we should be aiming for 100%, even if we know we’ll never reach it.
So while security is our most significant consideration, also approach it from the angle of usability. If the process is not simple (I can think of one bank whose login procedure involves two devices, for instance), then people will give up and there was no point in creating the fancy security process in the first place. If it happens that the password is slightly easier, weigh up whether that gain in simplification is worth the slight loss in potential security.
After all, there’s no point in creating a voice recognition software if no one wants to be seen using it.