Next-gen security could see human embedded passwords

PayPal said it's the most effective way to stop people using easily guessed passwords

PayPal claims the future of security lies in human embedded chips for authentication rather than giving hackers the opportunity to guess obvious word and letter strings.

The company said even emerging tech such as fingerprint scanners - as seen on Apple's iPhones and iPads and Samsung smartphones and tablets - will be phased out alongside retina scanning technology before payment processing services like PayPal will even consider using them.

The reason? They create too many false negatives, so a valid user can't log in, in addition to false positives, allowing unauthorised users to log in.

The answer is authentication devices that can be ingested by humans, it claims. These devices already exist for a range of different medical applications including glucose detection, blood pressure monitoring and digestive health, but Jonathan LeBlanc, global head of developer advocacy at PayPal, has suggested it could be used as an identity validator too.

Another option is a brain chip implant that would allow humans to authenticate themselves to access services.

LeBlanc showcased a presentation entitled 'Kill All Passwords' which explores how passwords will be phased out in years to come.

He listed the most frequently used passwords, including '123456', 'password', '12345678', 'qwerty' and 'abc123', saying 40 per cent of people have a password included in the top 100 passwords list and 14 per cent have a password from the most used 10.

People use these obvious strings is because they often forget them, so want something easy to remember, he said.

"As long as passwords remain the standard methods for identifying your users on the web, people will still continue to use 'letmein' or 'password123' for their secure login, and will continue to be shocked when their accounts become compromised," he explained.

Update, 23/04/15:

PayPal has since been in touch with a statement to make it clear it has no plans to develop such technology itself.

A spokeswoman said: "We have no plans to develop injectable or edible verification systems. It's clear that passwords as we know them will evolve and we aim to be at the forefront of those developments.

"We were a founding member of the FIDO alliance, and the first to implement fingerprint payments with Samsung. New PayPal-driven innovations such as one touch payments make it even easier to remove the friction from shopping.

"We're always innovating to make life easier and payments safer for our customers no matter what device or operating system they are using."

Featured Resources

BCDR buyer's guide for MSPs

How to choose a business continuity and disaster recovery solution

Download now

The definitive guide to IT security

Protecting your MSP and your customers

Download now

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

Download now

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Recommended

Data breach exposes widespread fake reviews on Amazon
data breaches

Data breach exposes widespread fake reviews on Amazon

7 May 2021
TsuNAME vulnerability could enable DDoS attacks on major DNS servers
distributed denial of service (DDOS)

TsuNAME vulnerability could enable DDoS attacks on major DNS servers

7 May 2021
What are SSH keys?
cyber security

What are SSH keys?

7 May 2021
Google’s about to push everyone into two-factor authentication
Security

Google’s about to push everyone into two-factor authentication

6 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021
Qualcomm modem flaw puts millions of Android users at risk
Google Android

Qualcomm modem flaw puts millions of Android users at risk

6 May 2021