Complex Tech is in San Francisco for TechCrunch’s Disrupt SF Conference. Check in here for our daily dispatches.
The password is dead, long live the fingerprint.
In a pretty relevant conversation in relation to the announcement of Apple's iPhone 5S, security executive Heather Adkins from Google, author James Bamford, and venture capitalist Ted Schlein took to the Disrupt SF stage on Tuesday for a panel called "Spies Like Us," which, as you probably guessed, dealt with good old-fashioned prying and spying. Just a few minutes into the conversation, Adkins bluntly, and somewhat proudly, declared the password "dead," and that it's "game over" for any startups who are relying on passwords to protect their users.
When discussing Google's observations about the amount of user data they were collecting and how to protect it, Adkins had some advice for the startups that were in attendance. "What I actually want to see in the startup space is a lot more work on authentication, passwords are dead," she said, hitting her two index fingers together for emphasis. "If you have a startup and your users are logging in with passwords, the game is pretty much over for you. We need better authentication technology using biometrics."
Biometrics. Ring a bell? It should. Biometric authentication is exactly what Apple put in its iPhone 5S, in the form of a fingerprint scanner. If the password is dead (or at the very least, dying), Apple was first to the starting line when it comes to mainstream smartphones.
Not be be left in the dust, Google is also experimenting with a two-step verification process that
If you have a startup and your users are logging in with passwords, the game is pretty much over for you.
generates a one time code for mobile users to input, rather than a password they'd otherwise have to memorize. Also, Google is trying out new technology with Motorola that would use a tag attached to, say, your clothing, that you would hold your phone up to in order to authenticate it. "A hacker can't steal that from you," she said, "they can't ask you for that over an email."
During the panel, Adkins mentioned that hackers were able to find their way into Google accounts of users who hadn't turned on their two-step verification option, and once in, the hackers turned on the two-step option. That left the owners locked out of their accounts. The hackers would then use the account to send out spam. "They are finding new ways to make money off it," she said. "Ways we hadn't anticipated."
As technology advances, hackers adapt. The future, as Adkins puts it, is in passwords that "don't rely on not getting fooled." Hackers are too smart for that.