Will 2013 be the year when we say goodbye to passwords? According to PayPal CISO Michael Barrett, speaking at Interop today, we are close to an authentication revolution. Apple will lead the way with the next generation iPhone as it will pack a more robust authentication protocol based on an open standard.
“We have a tombstone here for passwords,” Barrett told the audience, pointing to a slide with a tombstone for passwords with the years 1961 to 2013 etched on it.
“Passwords, when used ubiquitously everywhere at Internetscale are starting to fail us. [..] Passwords are running out of steam as an authentication solution,” he added. “They’re starting to impede the development of the internet itself. It’s pretty clear that we can’t fix it with a proprietary approach.”
It is important to note that Barrett is the president of FIDO (Fast IDentity Online) Alliance, which pushes for replacing 50-year-old password technology with convenient and industry-supported, standards-based open protocol. FIDO combines hardware, software and internet services to provide a secure user experience.
How FIDO works:
A FIDO user will have a FIDO Authenticator or token that they chose or was given to them. This could be any authenticator type that supports FIDO such as a built-in finger scan or a USB memory drive with a password. Users may pick the authenticator type that best suits their needs.
FIDO Authenticators will come in two basic variations.
Identification tokens will be unique identifiers that can be connected to the user’s internet accounts. Once they are connected to the account, they will be transparently presented each time the account is accessed as an identifier without the user needing to anything else. This will provide single factor authentication.
Authentication tokens can ask the user to perform an explicit action to prove it is really the token owner. These actions could include entering a password, PIN or finger swipe. These authenticators will provide two factor authentication with the token being “something you have” and the password being “something you know” or the biometric being “something you are”.
What it needs for mass adoption is a little help from a leading smartphone manufacturer, which could pave its way to success. And according to Barrett, this company could be Apple, which is widely rumoured to introduce an iPhone with an embedded fingerprint scanner.
“It’s widely rumored that a large technology providerin Cupertino, Calif., will come out with a phone later this year that has a fingerprint reader on it,” he said. “There is going to be a fingerprint enabled phone on the market later thisyear. Not just one, multiple.”
Currently, Apple already has several fingerprint-sensor related patents in its portfolio, and if the KGI Securities analyst Ming-Chi Kuo is right, we will indeed see an iPhone with a fingerprint sensor launched this year.