Passwords and password protection — these issues likely consume a hefty allotment of your IT help desk work day. Passwords are seen as a necessary, though not always an easy, way to assure that the people using your systems are who they say they are. Of course, the most sophisticated systems might also employ two-factor authentication or even biometrics as ways to identify users. Are these all about to be rendered completely obsolete?
Current Means for Identifying Users
Passwords are the most common means of identifying users, and most IT help desk workers try to assist users in coming up with easy-to-remember yet hard-to-guess passwords. Users lose passwords, and sophisticated hacking software can be used to crack even the most intricate and difficult passwords. More commonly, users are careless with their passwords and allow them to fall in the wrong hands.
Two-factor authentication is gaining in popularity as identity theft and hacking become more prevalent. Two-factor authentication usually involves one factor that someone knows (like a password) and one item they have (such as a key, card, or a physical characteristic like the iris or a fingerprint). This makes it more difficult, but still not impossible for an unauthorized user to gain access. For example, cards and keys can be stolen just as passwords can be stolen or guessed.
Biometric identification is the most sophisticated way to identify users to date, and involves a physical characteristic to identify the user. Usually, this means a fingerprint, iris scan, palm scan, facial recognition, or even the user’s DNA. Medical and military facilities often depend on biometrics to safeguard their IT systems as well as physical areas within the facility.
The downsides to biometrics are multi-fold. First, there are privacy considerations. Not all users are willing to hand over their fingerprints or DNA for access to a system or facility. More frightening are the dangers when a dedicated intruder wants access to a system — biometric safeguards could lead to kidnapping or even murder to gain access to those physical features that allow access.
The New Method for Identifying Users
The U.S. Army at West Point is developing an entirely new method for safeguarding systems, and this method comes with little chance of theft. It is based on a similar system currently in use to detect plagiarism. Stylometrics is a means for identifying the author of a text by the writer’s style. In other words, modern plagiarism checks look for a change in the writer’s style instead of making text-by-text comparisons for plagiarism.
The system in development at West Point examines a user’s style, including their typing speed, their rhythm and style of writing, how they move the mouse, and even common topographical mistakes to determine if the user is who they claim to be. This isn’t something a user can forget, like a password, or something a hacker can steal or mimic. Not only would it identify and thwart unauthorized users, stylometrics would also be able to prevent an unauthorized user from assuming multiple identities within the system.
While not yet ready for use by the masses, stylometrics is definitely a promising alternative to current means for identifying authorized users. Can you imagine how many hours it would free the help desk from retrieving or resetting lost passwords?