Passwords are still widely used

Despite growing implementation and acceptance of biometrical identification methods like fingerprints, palm prints, iris scan, voice recognition and face recognition, passwords are still widely used. At this point in time, their usage actually still outweighs that of all biometrics combined.

There is little doubt that the day will come when biometrics will take over personal identification for good and passwords will become a thing of the past. We are not there yet; the password concept is not giving up easily. Why are not biometrics completely taking over this rather outdated, flawed thing?

All new high-end smartphones that feature biometrical identification for unlocking still sport a password system, just in case the first system fails! This says it all. No method is perfect. Biometrical sensors sometime fail to detect the pattern they are supposed to read, and we, as human beings, are all prone to forgetting that password at the most crucial moment.

The list of the strengths and weaknesses of each system is long, and a comprehensive comparison of all biometrics and passwords would be the subject of a technical article in a specialised high-tech magazine. Passwords, however, present two major, undeniable advantages: people have been using them for ages, long before the digital era, and they do not require any additional technical equipment. In a password’s validation process there are no physical sensors or sophisticated software that could fail – a perfect case of “simple is beautiful”.

In a world heavily relying on technology, the extreme simplicity of the password concept gives comfort to all those who are not particularly technically-minded, which is still the case of a large number of users.

Apart from the understood and annoying fact that you have to remember them, the main weakness of passwords is the poor security element that is often associated with them, and it comes from the way people use them, despite repeated recommendations from the IT community.

Since the advent of personal computing in the early 1980s, consumers have been given simple, basic rules, first about how to create a password, and second about how to be careful storing it, not disclosing it, and not saving on a computer or device that many other people use.

At the risk of over repeating it or perhaps even irritating those who do not need to be reminded: do not make passwords that are shorter than eight or ten characters. Combine capitals, small letters, numbers and special signs. Before anything else, the golden rule is not to use any known pattern, number, name or series that makes any sense or that follows a logic of some kind.

People who do not obey that golden rule unconsciously want to create a password that they can remember. But this is precisely the point, it is not supposed to be easily remembered. It is meant to be “weird”, totally meaningless and complex. Like for example “hG6TwMQ#8 per centm$”. Most if not all people are aware of that golden rule but about 10 to 15 per cent of the population still does not apply it. Otherwise how to explain that email boxes are still hacked every day?

My Samsung’s Galaxy phone has fingerprint and face recognition for unlocking it. The first method works fine most of the time, though not all the time. The second works, well…. from time to time. In all cases, however, and although I mainly use the fingerprint method to unlock it, the handset’s Android operating system requests the entry of a password about once or twice a week — totally rejecting and bypassing the fingerprint and face recognition methods. This is not a flaw and not an error I would be making, this is just how the concept is built. It still counts on passwords every now and then, as an extra precaution.

There are several applications where eye iris scan has been adopted for many years now for unequivocal and perfectly safe personal identification. These include security control at airports and border points in general, and at a few banks (at ATM and counter). Iris scan is infinitely superior and safer than any other method. Experience shows, however, that choosing biometrics instead of passwords is being decided on a case-by-case basis —until further news or development.