Why passwords are on the way out

The way a person uses devices, like rhythm of writing and other cognitive patterns, are going to be used for future identification.

Hands typing on netbook users hardware mobile

Cognitive fingerprints, where algorithms identify device users through the way a mouse is moved, writing rhythm, or repeated typographical mistakes, are the basis of the next generation of identity verification being explored by the U.S. Army, according to a media outlet in the UK.

Pete Norman of British TV network Sky News says he has seen commercial documents pertaining to a contract related to West Point, the military academy, which describes the ongoing development work on so-called behavioral biometrics.

What is behavioral biometrics?

It's part of a new kind of invisible identification that could one day replace traditional identification methods, like passwords, DNA, and fingerprints.

This new identification tool takes advantage of the fact that when a person uses technology, he or she does so in a pattern. That pattern is unique and is based on how an individual's brain processes information.

This seamless and invisible way of identifying people should be more secure than a password because it's harder to guess a behavioral pattern like a hand moving a mouse— we all do it differently.

More elaborate physical systems like iris identification and supposedly strong two-factor authentication could also be on the way out—to be possibly replaced by a repeated spelling mistake. Two-factor authentication is where two different components are used to identify a user. The components are often something the user knows, like a password, and something the user possesses, like some kind of key.


Broadly, similar ideas exist now, but not for electronic identification. Analysis of how text is structured is currently used in plagiarism checkers. It's called stylometrics.

That copying detection works using a similar concept to this new authentication method discussed in the aforementioned commercial document.

The most sophisticated plagiarism checkers work not by comparing the subject document with other text, as you might think a plagiarism checker would function, but by trying to recognize a change in the writing style of an author. You don't need to compare documents to flag a potential fake, you just need to identify a change in the writer's style.

Behavioral biometrics works on the same principal—it flags a change in the way someone does something.

Where to use it?

One of the problems with the Internet has always been that it's quite hard to qualify users as being who they say they are. Passwords can be compromised easily, and crafty people can assume multiple identities if they want.

Tools that accurately identify a person could bring some semblance of order to the still Wild-West Internet, if indeed that's what society says it wants—there will likely be privacy crusaders who don't like the idea of a passive monitoring of identities.

But these kinds of seamless identity verification systems could be perfect for the upcoming swarm of Internet of Things devices, like connected fridges or home automation.

I don't think anyone could possibly mimic the panache with which I grab a beer from the refrigerator. So my fridge, at least, will be secure.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2015 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)