As if you didn’t already have enough reasons to hate your passwords, a programming mistake meant that almost everyone was supposed to change them or risk everlasting doom. You have to ask: Why are we still using these things?
Remember last week when you were supposed to change a boatload of your passwords to set your mind at ease? If only all your web services had been using Eyeprint, your weekend could have been a little less stressful.
The Heartbleed OpenSSL bug stemmed from a problem with program design that allowed hackers to get at sensitive user information. It’s not clear how many people had passwords stolen, but once the mistake was fixed on servers, security experts suggested that everyone change their passwords. And the fallout was so widespread and noteworthy that the bug got its own logo.
Thus began the ridiculous and time-consuming task of figuring out which services use OpenSSL, visiting each of their sites, and then figuring out one by one how to meet the password change requirements. It seemed like an endless and pointless navigation across the entire Internet to protect yourself – all because someone forgot to check some code. It was the best (OK, worst) illustration we’ve seen of password fatigue: the weariness you feel when you have to remember a big list of passwords and then have to change them all because someone broke the Internet.
And that’s if you’re one of the people who took the time to do it; plenty of people may not have had the time and are just sitting ducks with potentially compromised security.
But if you’re anything like us, as you logged in to secure your Gmail, Facebook and Tumblr accounts, you thought, “There has got to be a better way.”
Sure is. Biometric security like the Eyeprint is already here and ready to protect information. Industry heavyweights are already working together to set standards for strong authentication. These will usher in the age of biometrics and do away with passwords as we know them.
For users, it will mean that access to everything could be as simple and frictionless as literally looking at a smartphone. No more coming up with “low-security” passwords for throwaway sites and more complicated “super-secure” codes for banking and communication services. By the time you’ve converted to Eyeprint software, doing the password dance will seem like fixing the wheels on your covered wagon.
No one can pull your Eyeprint from a server, because the software doesn’t send out that information, explains EyeVerify CEO Toby Rush. “Since your Eyeprint never leaves your device, it cannot be compromised in transport or in the cloud,” he said. And that’s not true for most other biometric security software.
Some people are already reaping the benefits. Users of AirWatch mobile device management software can have the peace of mind that comes with using Eyeprint security.
So will Heartbleed be the wakeup call to dump passwords? Or are people going to have to become victims of theft in huge numbers before we decide to make our lives simpler and more secure?
It could be so easy: bring your phone in for a close-up selfie, wait for the buzz, eyes up left, another buzz: you’re in! Password fatigue and Heartbleed are out.