The world’s most powerful companies want you to log in with fingerprints and eyescans
As much as they discuss smartphone integration, I feel like the wearables market is the best mechanism for adoption. If Apple made a $99 fitbit style wristband with just a TouchID button that let you securely log into any and every website you needed to without having to remember a username and/or password, I’d buy it in a heartbeat.
Now, the question is whether a fingerprint should serve as a username or a password, which has good points on both sides of the argument. To me though, the more interesting question is “How do I keep from having to remember 30-50 different usernames with 30-50 different passwords when I know that all of them must have zero similarities to each other for the most basic security to be upheld?” As we creep (or plummet, depending on your POV) closer to the internet of things, this becomes an increasingly difficult problem to solve with the current tools.
As a thought experiment: just imagine a world where you go to a website, click a “Login with TouchID,” get a popup that asks you to verify on your registered TouchID device, and you can just touch a finger to your wrist to login more securely than a login/password combo ever could be.
That’s the pitch that gets me to buy a dedicated password device, because the “attach it to your smartphone” argument predicates itself on you never losing, breaking, forgetting to charge, or having your phone stolen. If a device serves *no other purpose* than personal passwords, and us essentially useless without a user’s fingerprint, then I feel there’s a much lower chance of it being a target for petty thievery (obviously if someone’s targeting you specifically, none of the above scenarios are perfect.)
I’m not sure how that above scenario works, perhaps some two-factor verification of Device ID, fingerprint matching, proximity to another device, or even pairing to another device via bluetooth. I’m no expert, so perhaps I’m missing something fundamental, but the tools seem to be there. With a simple wristband whose sole purpose is to house a secure fingerprint sensor, an encrypted or randomized transmission algorithm (sending either to a computer, mobile device, or straight to a verification server), and some combination of the above multi-factor verification, it seems within our reach to never have to create or remember another login/password combination ever again.
At $99, I’d buy the shit out of that.
I was thinking about this yesterday as I looked at my phone and thought “if I needed this for my passwords and I lost it, I’d be fucked.” In my other hand were my car and house keys, which I’ve never lost for more than a few minutes in my life. Psychologically, I’d love to start giving kids password devices when they first get house keys, to really ingrain THESE ARE EQUALLY IMPORTANT DON’T LOSE THEM.
I’m also not an expert, so just a thought.