The end of passwords … or not

It is more than said and proven that passwords are the key that gives access to our information, and hence we give them so much importance. Today we use passwords to access our emails, the bank, social networks, online shopping sites … in short, we use passwords to access any site; and of course, as passwords must be robust, and on top of that we cannot use the same one for everything, so end up going crazy. That’s why some of us use password managers, mne-monics, etc. because otherwise it is impossible.

img1
Well it seems that the username and password have their days numbered. The UnifyID startup aims to completely eliminate this concept. As explained by its founder, John Whaley, if our devices are able to know us by how we act (where you move, how you behave, how you type, your results), why not make our actions be the ones to identify us? “What is it that defines you? It is certainly not a sequence of letters and numbers”.

Apparently the application works by collecting your information through an app, for iOS, and an extension of Chrome on Android (the Android version is on the way). Once it has collected all the information possible, it is able to interact with any website where we have a user account, ensuring a safe entry.

According to UnifyID, if anyone else tries to enter with your mobile, the system denies access because it recognizes that it is not you. How? The study of the steps of a person is enough for the ‘app’ to establish if someone else wants to ac-cess our data. The company assures that it is enough to have four independent measurements, whether they come from a wearable, a mobile, the heartbeats or the day-to-day movements in order to achieve 99.999% accuracy; but they also recognize that it is impossible not to have authentication failures.

The truth is that the idea is interesting, and may be the beginning of the end of passwords, however, is not gold all that glitters – too many loopholes and things in the “air”. This application, in short, aims to generate patterns of behavior as the authentication method. Great, fantastic, but what about that information? where is it stored? How is it transmitted? Via what means? Does this information circulate in the cloud without control?

We should note that this application even collects the steps we take every day, where we go every day, it can even pick up data from, for example, a “smartwatch” … finally, clearly speaking, collect ALL OUR PRIVACY.

img2Moreover, as we said earlier, this application works as an extension in Chrome in the case of Android, and as everyone knows, extensions in browsers are vulnerable, so the fact that all my privacy may be exposed to a possible attack does not make me laugh at all.

I do not know, the truth is that many doubts about this authentication method particularly assail me. Leaving aside the issue of security, what if one day I decide to change habits? It is often said that people are creatures of habit but, what if one day I decide to walk more, or I do not do what I “usually” do, or I simply radically changed my daily routine? I do not know if it will authenticate me the same, or otherwise refused to give me access to my information.

Dear readers, from my point of view and without any doubt, I am convinced that this type of authentication, through behavior patterns, will give much to talk about.

Sources
https://unify.id/
https://www.entrepreneur.com/article/268140
http://www.jrmora.com/

This post was published in Spanish on November 17, 2016.
https://www.securityartwork.es/2016/10/17/fin-las-contrasenas-no/

See also in: