In-depth

Why earwax & kittens are no recipe for successful IT security

Security researchers claims the unique properties of people's earwax could make it a password killer. Davey Winder's not convinced

Password and username box

Scientists at the Monell Chemical Senses Centre in the US have discovered the aroma of earwax varies from person to person.

More accurately, the chemical compounds that make it smell vary and create a unique waxy identifier.

In fairness, the boffins behind this discovery have not suggested earwax as a replacement for computer passwords, but some security experts are already talking up its potential as an authentication mechanism.

I am not surprised, given my exposure to equally daft-sounding biometric authentication projects in recent years.

A team in Tokyo has been working on a chair that measures your buttock with 360 pressure sensors, for example.

Then there's cognitive fingerprint technology such as SilentSense, an authentication framework currently being developed by researchers at the Illinois Institute of Technology, which uses 'touch-related' behaviour.

This uses data mined from behaviours, such as screen tapping and gesture creation, and works out a pattern of micro-movements that can uniquely identify a device owner.

The cute kittens were one of the Human Interactive Proofs (HIPS) that were all the rage a couple of years back in research labs. They were used by Microsoft researchers to try and distinguish between bots and humans when accessing forums.

Display a grid of photos with a mix of cats and dogs, and ask the cats to be identified; easy for people, apparently very hard for computers.

The trouble is whenever I am told something is going to be a password killer, I immediately wince; the password is not dead, nor is it terminally ill, and here's why. If biometrics were the answer to user authentication then we would all be using fingerprint scanners routinely by now, and we are not.

The technology has existed for what seems like forever, and is as mature as it can be. Yet still it's a niche methodology. Even the implementation as a device lock and purchase validator on the iPhone 5s is actually less triumphant than you may think; this still needs a password to work with.

The problem with getting caught up in the biometric hype, of which the smell of your earwax has to be the most bizarre yet, is that it misses the point.

We already have secure authentication systems that work, are reasonably secure, easy to use and will not break the bank when it comes to enterprise distribution costs.

Yes, I'm talking about two-factor (or multi-factor) authentication where you know the password alone is not enough, and there's a requirement for something you have in the shape of a token (be that hardware or created in software) to back it up. One will not work without the other.

The trouble with using body parts is in the argument that a body part cannot change, and is unique. Fine until that fingerprint is cloned (when you cannot change your print like you can your password or token mechanism) or your bottom gets bigger.

Sure, by all means use biometrics as part of your multi-factor authentication solution, but please stop trying to sell me on them as the sci-fi saviour of IT security.

Featured Resources

BIOS security: The next frontier for endpoint protection

Today’s threats upend traditional security measures

Download now

The role of modern storage in a multi-cloud future

Research exploring the impact of modern storage in defining cloud success

Download now

Enterprise data protection: A four-step plan

An interactive buyers’ guide and checklist

Download now

The total economic impact of Adobe Sign

Cost savings and business benefits enabled by Adobe Sign

Download now

Recommended

8 of the most secure web browsers
web browser

8 of the most secure web browsers

25 Sep 2020
Your essential guide to internet security
Security

Your essential guide to internet security

23 Sep 2020
How to enable private browsing on any device
privacy

How to enable private browsing on any device

22 Sep 2020
Third-party apps are tracking your WhatsApp activity
social media

Third-party apps are tracking your WhatsApp activity

21 Sep 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
The Xbox Series X shows how far the cloud still has to go
Cloud

The Xbox Series X shows how far the cloud still has to go

25 Sep 2020