Petition against Passwords

Last updated: 21 March 2014

Passwords: we can’t live with them, we can’t live without them. That’s the view of most people when it comes to keeping their digital possessions and online personas secure. We’re forever told to make our passwords stronger and longer by adding numerical digits and capital letters, but as much as we’d like to, chances are most people simply forget the ‘special’ combination of keyboard characters soon after typing it into the registration form of yet another online service.

Personally, I take comfort in the knowledge that humans aren’t really wired to remember passwords. We have methods of coping, certainly, but when it comes to memorizing a truly ‘secure’ password, most of us will struggle. One example of the way we’ve adapted to remember passwords or ‘codes’ is the psychological concept of ‘chunking’. Put simply, chunking is the method of grouping items, often by attributing reason or significance to a group, in order to facilitate memory.

An everyday example of this might be to try and remember the phone number 07711989387 by grouping the numbers as 07711, 989, 387. Instead of memorizing 11 numbers, we are learning 3 groups. In fact, as Steven Hope noted in SC magazine recently, when John Shepherd-Barron invented the first ATM in the 1960s, he proposed a six-digit PIN, but his wife suggested four, as it was easier to remember!

In this article, Steven claims that humans are programmed to memorize patterns far more easily than a sequence of letters and numbers. And clearly we are in need of alternatives if, as he says, a financial services house in South Africa recently calculated that the password-reset calls its IT helpdesk was receiving were costing £27,600 per month.

So what are the alternatives? Steven mentions pattern-based authentication, a form of multi-factor authentication, which, incidentally, is a feature of a new wristband developed by Toronto-based company Bionym. I came across this in an article by Rachel Nuwer in New Scientist, and I can tell you, as a digital security professional, it had my pulse racing.

Named Nymi, the wristband confirms the wearer’s identity through electrocardiogram (ECG) sensors that monitor the heart, and then communicate that authentication to anything from iPads to cars. With biometric technology like this at our fingertips, it seems there really is cause to petition against passwords and ensure we live a truly secure future. As far as the Nymi wristband is concerned, I’d wear one in a heartbeat.