Is This the Death of Passwords?

What's Hot

23 Upgrades Under $50 to Make Your House Look AwesomeAround The House

Trump Worth $10 Billion Less Than If He’d Simply Invested in Index FundsBusiness

Do This or Your iPhone Bill May SkyrocketSave

11 Places in the World Where You Can Afford to Retire in StyleMore

19 Moves That Will Help You Retire Early and in StyleFamily

What You Need to Know for 2017 Obamacare EnrollmentFamily

8 Things Rich People Buy That Make Them Look DumbAround The House

50 Ways to Make a Fast $50 (or Lots More)Grow

32 of the Highest-Paid American SpeakersMake

The 35 Two-Year Colleges That Produce the Highest EarnersCollege

5 DIY Ways to Make Your Car Smell GreatCars

Amazon Prime No Longer Pledges Free 2-Day Shipping on All ItemsMore

More Caffeine Means Less Dementia for WomenFamily

7 Household Hacks That Save You CashAround The House

5 Reasons a Roth IRA Should Be Part of Your Retirement PlanGrow

30 Awesome Things to Do in RetirementCollege

Beware These 10 Retail Sales Tricks That Get You to Spend MoreMore

The continued race to stop high-tech crooks has led researchers to try yet another security frontier -- one that may signal the death of the password.

This post comes from Bob Sullivan at partner site

Is it possible that your next password might be as simple and subtle as the way you type or hold your smartphone? If you hate trying to fill out those CAPTCHA forms with impossible-to-decipher characters, a new strategy for telling the difference between people and computers might give you some hope.

Secrets are used to keep our stuff safe on computers; for nearly three decades now, that secret has chiefly been a password or, in security lingo, “something you know.” Advanced security systems can deploy an added layer, such as a token (or at banks, a debit card), which is “something you have.” And really high-tech systems involve biometrics, such as a retina or fingerprint scan, known as “something you are.”

So far, none of these techniques has proved robust enough to stop hackers’ endless efforts to steal critical information, whether it’s millions of Target credit card numbers or access to computers that control national infrastructure. Passwords are notoriously unreliable – too hard for users to remember and too easy for determined criminals to guess. Tokens get lost. Fingerprints can be replicated.

In other words, to cyberthieves, credit card numbers and other personal information are still “something you steal.”

A key that can’t be hacked?

The continued race to stop high-tech crooks has led researchers to try yet another security frontier, and this time, they hope to be creating something that is so unique that it cannot be copied, yet is so easy to use that it doesn’t have to be remembered. They are trying a strategy known as “something you do.”

All computer users type at a unique speed, creating a pattern that is perhaps more personal than the way they sign their name. Smartphone users tilt their phones when they type, or scroll, or watch, in very personal patterns. It’s now possible to measure these things people do, turn the patterns into an algorithm, and create an authenticator that users simply can’t forget.

It’s also so unique, researchers hope, that criminals won’t be able to impersonate it.

William Scheckel is chief marketing officer at one of the companies trying to solve this riddle: Oxford BioChronometrics, which spun out of the ISIS Software Incubator set up by Oxford University. He says the method has real promise.

“Phone manufacturers can identify you based on information from the gyroscopic device in your handset,” Scheckel said. “Say your bank uses this technology and you hand your phone to another person. Using this method, the bank would shut the (transaction) down.”

Oxford BioChronometrics puts together a number of these “something you do” patterns into a mathematical formula it calls electronically defined natural attributes, or e-DNA. Scheckel says that using the set of highly personal characteristics creates an authentication tool that’s hard to defeat.

“The information is so specific to you it can’t be hacked,” he said.

That’s a bold claim, sure to be tested. Many “unhackable” login strategies have been foiled by criminals. One potential method: a “man-in-the-middle” attack, which essentially enables a criminal to trick a user into logging in, then lets the hacker joy-ride into the now-authenticated account to steal money or commit other forms of ID theft.

But it’s pretty clear that passwords are passé. Several high-profile hacks in recent years, including companies such as LinkedIn, have seen millions of users’ passwords exposed. Researchers have used those hacks to prove that passwords are terribly insecure anyway, with a high percentage of users opting for obvious “secret” words like “password” or “123456.”

“Simple passwords are too easily hacked and there’s too much incentive for hackers to try. Identity theft is a growing problem because it’s profitable and simple passwords make it easy as well,” Scheckel said.

If you’re worried about identity theft, you should monitor your financial accounts regularly for charges you don’t recognize. You should also keep an eye on your credit, you can monitor your credit scores for free every month on Any major, unexpected changes in your scores could signal identity theft, and you should pull your credit reports (which you can get for free once a year) to confirm.

Telling computers and humans apart

Scheckel wouldn’t disclose clients the Oxford-born company is working with, though he said it was working on a “proof of concept” test with a “major household name.”

But he would talk about the interesting side benefit of Oxford BioChronometrics’ product: It is particularly good at discriminating between real people and “bots” that try to automatically log in to websites around the Web and wreak havoc, bots that have typing patterns that are obviously computer-generated.

Right now, most websites use CAPTCHA forms to root out annoying bots, but they mostly annoy real people. So in May, Oxford BioChronometrics began offering a free plugin called NoMoreCAPTCHAS to WordPress users, which Scheckel says eliminates the need for CAPTCHA tests. A brand-name travel company that struggles with bots scraping its site for data is now testing the system, he said.

Forget worries about credit card hacks: If the firm can reduce the number of times users must guess what those squiggly characters are, the entire Internet will cheer.

More on

Stacy Johnson

It's not the usual blah, blah, blah

I know... every site you visit wants you to subscribe to their newsletter. But our news and advice is actually worth reading! For 25 years, I've been making people richer without making their eyes glaze over. You'll be glad you did. I guarantee it!


Read Next: 19 Cheap or Free Ways to Cut Your Winter Energy Bills

Check Out Our Hottest Deals!

We're always adding new deals and coupons that'll save you big bucks. See the deals to the right and hundreds more in our Deals section.

Click here to explore 1,724 more deals!