A recent article popped up on my Twitter newsfeed this week regarding the possibility of a world without passwords. It turns out the Defense Advanced Research Projects Agency (DARPA) is working on developing a solution to the password problem. The idea is to move beyond passwords to a completely new method of authentication.

Imagine being able to sit down at your computer and start working without having to go through ten different password possibilities before successfully logging in with the right one. DARPA is looking to introduce a program that makes the machine aware of its operator in a different way.

We now know “strong passwords” involve something like 15 characters of both letters and numbers, with a mix of some capitalized and some not. And as mentioned above, we collect many different passwords over time, all of which are supposed to be changed on a regular basis. But don’t feel bad if you have trouble keeping them straight. “Humans aren’t developed to remember random connections of characters,” said DARPA Program Manager Richard Guidorizzi in an interview video clip.

And even if we did remember all of these passwords, they’ll always be “crackable.”

But what if computers had the ability to identify their users in a unique way, completely eliminating the need for passwords? Maybe this means a fingerprint sensor, or as Guidorizzi mentions, a program that tracks the way you move the mouse, which is apparently inimitable in that it connects to the way your eyes read what’s on the screen. Voice-recognition has also been experimented with.

Hopefully we won’t have to rely on the boundaries of the human mind to remember a long list of password combinations for much longer. And as the article points out, if we can trust anyone to figure this one out, it’s probably DARPA—they are the ones who brought us the Internet, after all.

This diaper load of an idea has been around for years... biometrics, and typing patterns, and other nonsense. It'll never happen, and if it does, people stupid enough to use it will deserve what they get.

Criminals have been stealing financial information from user's systems forever.

What makes the geniuses at DARPA think criminals won't steal biometric data?

There are only three ways of authenticating a user...
1. Something you know -- password or PIN (NOT"PIN number" like so many ID 10 Tees say).
2. Something you have -- card or key
3. Something you are -- retinas or fingerprint

Passwords, PINs, keys, tokens, and cards can all be replaced, after the user has satisfactorily proven who s/he is.

Once somebody else has your biometric data, how the hell are you gonna prove who you are?

I can see it now... "Gramdma, someone claiming to be you has logged onto my facebook page and stolen all my...)

Well said Dave. It is Dave right? How can you prove it's really you? Come to think of it, how do I prove I am really me? On no ... a paradox ... the universe will no self destruct in 3 seconds ...

... Guess not

I have wondered how we will tackle this problem. I've been royally creeped out by movies where people stole eyeballs and hands to get past biometric locks. I'm thinking a DNA based lock might do the trick.

I figure we could have a sensor in the screen and when you want to login you simply lick it. I suppose we could put a sensor in the mouse and lick that ...

Anyhoo ...

Even if someone stole your biometric data you can prove who you are with a q-tip and some more spit!

Yay CSI ... I knew that show would come in useful one day.

I think I might be on to something here

I figure we could have a sensor in the screen and when you want to login you simply lick it. I suppose we could put a sensor in the mouse and lick that ...
While I know you're joking James, you reminded me of something Malene Arpe wrote decades ago... I'm paraphrasing from memory... went along the lines of,

"It's inconceivable that inside your medicine cabinet a cockroach spends nights on the bristles of your toothbrush" or something similar.

And I ain't lickin' no mouse. Now where's that barfing icon...

On a more serious note, some password storage devices are physical - you carry them on your keychain or the like, a USB stick. BUT, if you travel across borders, there is nothing to stop a border guard from taking this device from you, and then all of your personal information becomes fully accessible. Or, it falls off your keychain and someone hacks it. Same result. Or, it gets damaged and stops working, so you have to prove who you are to each website and start fresh with new password storage / management.

No easy solution.

Hi Cheryl

I use your method, a USB key -- on my key chain, in my pocket, in my carry-on, and a couple in my checked bag. In my experience the goons are insufficiently observant to notice that I'm carrying them. Were I prudent, I'd mail one ahead to where I was staying. And mail it back with the data I'd generated and acquired when I left.

If you encrypt your USB, the idiots can steal it, altho they can't use it. Nor are you required to hand over the decryption key. Say you forgot. Check Point has a product that's ideal for this, which I wrote about last year in the print ITiC. The IT admin can set the decryption key, and tell you upon arrival. You can't give up what you don't know.