Passwords could soon be a thing of the past, if Whitehouse adopts Michael Daniel suggestion to kill Passwords and replaces them with selfies.
Speaking at Event dubbed “Building a Cybersecurity Roadmap: Developing America’s Edge” — hosted by the Monitor and The Center for National Policy, Michael Daniel, the cybersecurity coordinator at Whitehouse said selfies are a better alternative for securing online accounts as opposed to traditional passwords.
“Frankly, I would love to kill the password dead as a primary security method, because it’s terrible,” Daniel’s said, explaining why people should embrace facial recognition technology. “You could use the cameras on cell phones, which are now ubiquitous, so the selfies are used for something besides posting on Facebook.”
The Whitehouse Cyber czar called on companies to develop facial recognition technologies that are secure and easy to use. He warned people will go for complicated technologies. “If a security measure is too complicated or difficult, people just won’t use it,” he said.
When asked about his opinion on the recent move by Google and Apple to encrypt users’ data, Daniel was cautious and avoided a direct attack on the Silicon Valley tech giants. “Even things that are in safes or other places are reachable by search warrant in many cases,” he said. “We don’t want to have something that puts it utterly beyond the reach of law enforcement in appropriate circumstances.” Apple and Google’s have received wide criticism from FBI director James Comey in what he termed as a problematic move.
Michael Daniel won’t be rocking the selfies boat alone. Earlier this year, Google’s Eric Sachs expressed the need for a Smarter Identification method to replace or supplement Passwords. He attributed the increasing number of hijacked accounts to a problem of recycling passwords. “About five years ago, we started to see a significant increase in the hijacking of Google accounts,” says the group product manager for identity at Google. “We came to recognize it was a password reuse problem.”
Michael Barrett, president of the FIDO (Fast IDentity Online) Alliance, also thinks password as primary security measure is on life support if not dead. “Passwords were great when they were invented 50 years ago,” says Barrett. “They have had a good run, but they are clearly nearing the end of their lives.”
With increasing use of online services, consumer are overloaded with passwords and cannot cope up any more says Barrett. “If you asked the average internet user how many user IDs and passwords they had back in 2004, they’d respond, ‘Maybe five or six. Why do you ask?’ Now, they say, ‘I’ve got 30…and I can’t cope anymore.’”
Consumers face the problem of password overload by using the same password almost everywhere. “That basically means that the security of their most secure account is now the security of the least secure place where they’ve used that same password,” a fact know by criminals says Barrett. This might the cause of the recent explosion in the number of data breaches according to Barrett
Phillip Dunkelberger, CEO of Nok Nok Labs, a company that develops stronger authentication, says Password is a ‘cheap but expensive’ technology. “They are not very secure, they don’t help with privacy, and they are, in fact, really costly,” claims Dunkelberger.
Steve Kirsch, CEO for OneID, an authentication security vendor, also think “We’re stuck using 30-year-old technology,” making users more vulnerable to advanced cybercrime. “People keep using the same password security and expecting a different result. When you have something this fundamentally insecure, it’s not a question of if, but when you will be breached,” says Kirsch.
Other security experts agree with Kirsch that Passwords have long served their purpose. Brennen Byrne, CEO of Clef, a mobile authentication startup thinks passwords is “An incredibly important part of the internet that is about to fail.” The problem with passwords “is that they pit our memory against the computer’s brute force, and we’re reaching a point, as computers get stronger, where our memories just can’t hold up,” concludes Byrne.
However, note everybody will be willing to skim past the password and other biometrics such as the fingerprint scanner already in use iPhone to use the selfies. Consumer privacy groups and Lawmakers already voiced their fears that Facial recognition Technology could be used by government Agencies to spy on users.
“While facial recognition can be useful, these programs don’t do enough to protect privacy — and they are just the beginning of what is a growing technology,” said Sen. Al Franken (D-Minn.)
Senator Ed Markey (D-Mass.) warned that Facial Recognition Technology should be used cautiously and not at the expense of consumers privacy. “While these technologies hold great promise for innovation, consumers — not companies — should to be in control of their sensitive personal information, including having the choice to affirmatively opt-in to being subject to facial recognition or detection,” he said. “Clear policies that support consumer privacy are crucial as facial recognition technology is developed and deployed.”
Whichever way the ‘selfie’ debate goes, security experts agree that Michael Daniel introduced an important twist to the ongoing privacy debate.