IBM’s other prediction for 2016 – no passwords

  • Article

Following up from my previous post, the other prediction that IBM made was that in 2016, we wouldn’t use passwords to get to our important information.  Instead, we would use biometric data to authenticate ourselves.

We would choose to provide certain amounts of information about ourselves to our computers and to private networks such as a bank.  When we want money, we’d walk up to an ATM and simply speak into it.  The machine would authenticate against our biometric data and gives us our money.  This would (a) save us the inefficiency of using our brains to remember reams of passwords (a fact that I have complained about in the past on this blog), and (b) be more secure because a hacker might be able to steal our username and password but they wouldn’t be able to steal our biometric data.

Or could they?

Obviously, the folks at IBM don’t watch enough Hollywood movies.  How many films have you seen where people have to pass a retinal scan to get into some top secret location, and the bad guy or good guy still manages to do it?  What if we used voice authentication?  I can see spammers hacking into phone lines and recording conversations between people, or chatting with people online, or something (perhaps an adult chat website where the owner records the chats for their audio and then uses those to break into a bank account).

Biometric data is nothing new. It’s been around for a long time.  My laptop has a fingerprint scanner on it which supposedly unlocks my laptop but I never use it.  It’s kind of slow and I have to swipe it multiple times, most of the time, whenever I want to use it.  I said to myself “Forget this.  I rarely have to retype my password, and I can type in my password faster than it takes me to swipe the scanner.  Not only that, but my hands are already on the keyboard.  Oh, sweetness, I have just saved 1/4 of a second of the time it would take me to move my hand from the scanner to the keyboard.”  And we all know how lazy computer folks are.

Regardless of the technical limitations or if they get solved, one thing I can say for sure is that there is no way this gets implemented in five years.  Not in any sort of mass deployment around the world.

For one thing, people are paranoid about giving away their biometric information to private or public entities (and they probably should be, given how frequently everyone has gotten hacked this year).

Secondly, deploying new technology like this takes forever.  People are still using Internet Explorer 6 and that came out over 10 years ago!  And there’s been several versions since then!  Technology adoption does not come quickly.  There are some things that do (Facebook), but biometrics replacing passwords is not one of them.

You can take that to the bank.