“When he reached the entrance of the cavern, he pronounced the words, “Open, Sesame!” The door immediately opened, and when he was in, closed upon him. In examining the cave, he was in great admiration to find much more riches than he had expected from Ali Baba’s relation. He quickly laid as many bags of gold as he could carry at the door of the cavern; but his thoughts were so full of the great riches he should possess that he could not think of the necessary word to make it open, but instead of “Sesame,” said, “Open, Barley!” and was much amazed to find that the door remained fast shut. He named several sorts of grain, but still the door would not open…”
– Excerpt from the book — ‘One Thousand and One Nights — Complete Arabian Nights Collection’
We all know how the story proceeds, with the forty thieves returning to their cavern and beheading Cassim. Well, we may not lose our heads if we forget our password (not literally, pun unintended). However, it surely annoys us greatly at times.
The question is, why do we forget our passwords so often? The reason: crazy, outdated password set-up rules which annoy us every time we go through a typical sign-up process. These password set-up rules pull us away from our memory paths while we are setting a password we want to remember easily.
They make us follow these antiquated rules to set something which can be hard to recall later. It always annoys me to set a password that satisfies the rules of the system and not the one I want to set and remember. See the example below: 8 characters, uppercase, lowercase, numbers and symbols or special characters?
See this other example below, from the ‘McAfee internet security’ signup form. It is redundant to mention that the password must be ‘between’ 8 and 32 characters long. ‘At least 8 characters’ would suffice. The probability of someone exceeding 32 characters is negligibly low. Why not optimize the copy for the most common use cases? This could be a topic for another post, perhaps.
“The real question is, why haven’t our systems evolved to simpler password solutions? Granting easy access to users, securing their data and providing a better user experience overall?”
How are we supposed to set a password by navigating through a complex set of rules and then remember it? Most people wouldn’t. They either use a simple password which they can remember, or they set the same password everywhere. By doing this they contradict the very ‘security’ intended by these complex password set-up rules and make the system vulnerable. The oxymoron here is obvious: the more complex the password set-up rules, the less secure the systems.
With the usage of technology and various devices, we are evolving constantly. While on one hand smart phones make us smarter, they are also responsible for our fading memories. They remember for us now. Our brain is unlearning to remember a phone number; because it knows it can retrieve that information from our mobile phone when needed.
However, passwords are a different matter; they are supposed to be kept secret. How do smartphone-addicted individuals remember complex passwords? Well, they write them down. And for ease, they write them down in notepad apps on their smartphones or desktops, or even on Post-its. They stick them at their workstations or, worse, keep them in their wallets or wherever it is easy to find them, because they are needed so frequently. This makes it easier for a hacker to steal your password. It defeats the very purpose of having complex password set-up rules for security.
Is there a better system which can offer better security in this vulnerable situation? IMO, there is no clear answer to this question yet. However, we can slowly evolve towards safer, more secure, better and, more importantly, easier solutions. How, you may ask?
The answer is right in our hands, in our existing smartphones. Hiding in plain sight, ready to be adopted: ‘Touch ID’ and ‘Pattern Locks’. Yes, why not use them in our signup and user onboarding processes? They are simple and great tools for better security and better user experience. Aren’t they?
I have been experimenting with this idea in my UI deliveries with ‘Touch ID’. It is very easy to include Touch ID in user onboarding. If users choose to enable it during sign-up, it aids them when they log in. It overcomes the inconvenience of keying in a username and password in the required fields at login. When a user opts to log in with Touch ID, authentication tokens are exchanged between the device and the app. The app is only notified whether the authentication was successful; it cannot access fingerprint data from the iOS Secure Enclave. Further, the fingerprint scan is stored without any identity mapping, and only in an encrypted format readable by the system Secure Enclave. The nodal maps of your fingerprints are never sent to Apple servers, nor backed up on iCloud or iTunes. This makes the entire process very secure and robust.
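The login step described above, sketched with Apple's LocalAuthentication framework. This is an added example, not code from the original post; the helper name `loginWithTouchID` and the `BiometricLoginResult` type are assumptions made for illustration.

```swift
import Foundation
import LocalAuthentication

/// Outcome the login screen acts on. There is no fingerprint data here:
/// the app only learns whether the system-level check passed.
enum BiometricLoginResult {
    case authenticated
    case fallBackToPassword(reason: String)
    case cancelled
}

/// Hypothetical helper for a login screen (name and result type are assumptions).
func loginWithTouchID(completion: @escaping (BiometricLoginResult) -> Void) {
    let context = LAContext()
    context.localizedFallbackTitle = "Use password"

    // Only offer biometrics when the device has them and a finger is enrolled.
    var availabilityError: NSError?
    guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                                    error: &availabilityError) else {
        let reason = availabilityError?.localizedDescription ?? "Biometrics unavailable"
        completion(.fallBackToPassword(reason: reason))
        return
    }

    context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                           localizedReason: "Log in to your account") { success, error in
        // The reply arrives on a private queue; hop to main before touching UI.
        DispatchQueue.main.async {
            if success {
                completion(.authenticated)
                return
            }
            switch (error as? LAError)?.code {
            case .userCancel?, .systemCancel?, .appCancel?:
                completion(.cancelled)
            default:
                // userFallback, biometryLockout, authenticationFailed and the
                // rest all end at the password form, never at a locked-out user.
                completion(.fallBackToPassword(
                    reason: error?.localizedDescription ?? "Biometric check failed"))
            }
        }
    }
}
```

The Boolean is a local decision only; an app that has to prove the login to a server still presents a credential, which is commonly kept in the Keychain behind a biometric access control.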
So what’s the idea for Android devices?
For Android devices and devices without Touch ID, the Android password pattern can work as a replacement. However, pattern passwords are not as reliable as Touch ID. A study done by the University of Pennsylvania explores smudge attacks using residual oils on touch screen devices. This study investigates the feasibility of recovering a full or partial pattern by capturing smudges left by the password pattern on Android smartphones. Even with smudge ‘noise’ from simulated application usage or distortion caused by incidental clothing contact, this study shows the password pattern can be recovered, fully or partially. This study clearly shows the vulnerability of Android pattern locks compared with Touch ID.
Touch ID and pattern locks are a small step towards the bigger goal of secure and user-friendly authentication processes. They surely pave the way for many more innovative, smart systems to make our data and life more secure.