
The End of Passwords or Privacy? It’s Your Call

By Alex Walker

About 6 years ago I wrote a piece on the concept of 'browser fingerprinting'. This was a way of identifying a returning visitor by recognizing their browser and OS – EVEN if they were blocking all cookies.

At first glance, this sounded unlikely. After all, how many millions of people are using Chrome on OSX?

But think about it:

  • How many are using exactly your version of Chrome?
  • on the same OS version?
  • with precisely your plugins?
  • and sharing your timezone?
  • and using your screen resolution?
  • with precisely your list of available fonts?

The field narrows quickly.

As with traditional fingerprint matching, small parts of any given fingerprint may well match thousands of other fingerprints. But none of them match all parts of another fingerprint exactly. That's what makes fingerprints so useful.

It turned out our web browsers weren't that different to our thumbs. The closer you look at them, the more different they appear. It's an idea that is almost as cool as it is creepy.

In fact, AmIUnique.org still demonstrates how it works in practice.
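The narrowing effect described above can be measured as an anonymity set: the visitors who share every attribute checked so far. The following is an added example, not code from the original article or from AmIUnique.org; the eight visitor records and all function names are constructed for illustration.

```javascript
// Added example. Visitor records are constructed sample data, not measurements.
const ATTRS = ["browser", "os", "plugins", "timezone", "screen", "fonts"];
const row = (...v) => Object.fromEntries(ATTRS.map((a, i) => [a, v[i]]));
const visitors = [
  row("Chrome 50", "OSX 10.11", "flash,pdf", "UTC+10", "1440x900", "setA"), // target
  row("Chrome 50", "OSX 10.11", "flash,pdf", "UTC+10", "1440x900", "setB"),
  row("Chrome 50", "OSX 10.11", "flash,pdf", "UTC-5", "1440x900", "setA"),
  row("Chrome 50", "OSX 10.11", "pdf", "UTC+10", "1440x900", "setA"),
  row("Chrome 50", "Windows 10", "flash,pdf", "UTC+10", "1920x1080", "setA"),
  row("Chrome 50", "Windows 10", "pdf", "UTC+1", "1920x1080", "setC"),
  row("Firefox 46", "OSX 10.11", "flash,pdf", "UTC+10", "1440x900", "setA"),
  row("Chrome 49", "OSX 10.11", "flash,pdf", "UTC+10", "1440x900", "setA"),
];

// Visitors indistinguishable from `target` on every attribute in `attrs`.
function anonymitySet(population, target, attrs) {
  return population.filter(v => attrs.every(a => v[a] === target[a]));
}

// Add attributes one at a time and record how the anonymity set shrinks.
// bits = log2(population / remaining): identifying information revealed so far.
function narrowing(population, target, attrs = ATTRS) {
  return attrs.map((attr, i) => {
    const remaining = anonymitySet(population, target, attrs.slice(0, i + 1)).length;
    return {
      attr,
      alone: anonymitySet(population, target, [attr]).length, // matches on this attribute only
      remaining,
      bits: Math.log2(population.length / remaining),
    };
  });
}

// Privacy view: anonymity set size if one attribute were standardised
// (reported identically by every browser) and so carried no information.
function sizeIfStandardised(population, target, attrs = ATTRS) {
  return Object.fromEntries(attrs.map(skip =>
    [skip, anonymitySet(population, target, attrs.filter(a => a !== skip)).length]));
}

console.table(narrowing(visitors, visitors[0]));
console.log(sizeIfStandardised(visitors, visitors[0]));
```

Each attribute on its own matches six of the eight sample visitors, yet all six together match only the target. In this sample, standardising the browser string restores the largest anonymity set.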

Project Abacus: Cranking the Creepiness?

Now Google wants to apply a similar idea to your body to kill the password. It turns out that, like browsers, we have all accumulated our own tics, personal habits, and patterns that make us measurably different from each other. These include:

  • the pattern of our typing
  • the rhythm of our walk
  • where we’re located
  • the way our face works
  • the tone of our conversations

Looking at these as a whole can apparently generate a 'unique ID' for any user.

Regina Dugan at I/O

In fact, last year, Regina Dugan gave a great (6 min) explanation of Project Abacus at Google I/O.

As a concept, it certainly has some cool advantages.

As is the case with traditional passwords and signatures, none of these individual characteristics are beyond copying.

But unlike reproducing a signature – the current system you use to authorize your passport, license, and credit cards – it's harder to know exactly what you're copying in Abacus.

For example, with 10 minutes' practice you might be able to mimic your best friend's signature, but could you accurately mimic their walk? Or their swipes? As well as their vocal tone? All at the same time?

Constant Authentication

Trust Score in action

The other great aspect of Abacus is that, unlike all current systems, Abacus is constantly authenticating you and keeping a ‘trust score’.

So, in theory, if someone grabbed your phone in the street, it wouldn’t matter if you were logged into email, social media or even bank accounts. The device would quickly recognize the current user wasn’t you and log out all accounts.

That’s an impressive use case.

On the other hand...

Bodies change. We bang our knee and limp. Our voice gets croaky with flu. We cut our hair, we shave our beards, we get collagen injections and new glasses. Sometimes all on the same day!

Getting locked out of all your accounts the day you had a serious bike accident would be hard to forgive and forget.

Of course, this problem is simply a technical/UX challenge. It’s probably possible to build a system that gets this right 99.9% of the time. Signatures have never been 100% foolproof either.

And we know Google are very good at building systems. I’d back them to get that right eventually.
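The trade-off between catching a stolen phone and locking out an injured owner can be seen in a small simulation. This is an added, hypothetical sketch and not Google's Abacus algorithm: the equal weights, smoothing factor, lock threshold, function names and every sample score are assumptions made for illustration.

```javascript
// Added illustration. Weights, threshold and all sample scores are hypothetical.
const WEIGHTS = { typing: 1, gait: 1, location: 1, face: 1, voice: 1 };
const ALPHA = 0.5;       // how strongly the newest observation moves the score
const LOCK_BELOW = 0.5;  // trust under this value logs every account out

// One observation: per-signal match against the owner's profile, each in [0, 1].
// Signals that were not captured are absent and are left out of the mean.
function observationScore(obs, weights = WEIGHTS) {
  let sum = 0, total = 0;
  for (const [signal, w] of Object.entries(weights)) {
    if (typeof obs[signal] !== "number") continue;
    sum += w * Math.min(1, Math.max(0, obs[signal]));
    total += w;
  }
  return total === 0 ? null : sum / total; // null: nothing was observed
}

// Exponentially weighted trust score over a stream of observations.
// Returns the trace and the 1-based observation at which the device locked.
function runSession(observations, startTrust = 0.9) {
  let trust = startTrust;
  const trace = [];
  for (let i = 0; i < observations.length; i++) {
    const score = observationScore(observations[i]);
    if (score !== null) trust = (1 - ALPHA) * trust + ALPHA * score;
    trace.push(trust);
    if (trust < LOCK_BELOW) return { lockedAt: i + 1, trace };
  }
  return { lockedAt: null, trace };
}

const repeat = (obs, n) => Array.from({ length: n }, () => obs);
// Scenarios from the article; the numeric scores are constructed.
const limpAndFlu = { typing: 0.9, gait: 0.2, location: 0.9, face: 0.9, voice: 0.3 };
const thief      = { typing: 0.2, gait: 0.1, location: 0.9, face: 0.0, voice: 0.1 };
const accident   = { typing: 0.3, gait: 0.1, location: 0.3, face: 0.4, voice: 0.8 };

console.log("limp + flu locked at:", runSession(repeat(limpAndFlu, 10)).lockedAt);
console.log("thief locked at:", runSession(repeat(thief, 10)).lockedAt);
console.log("bike accident locked at:", runSession(repeat(accident, 10)).lockedAt);
```

With these assumed numbers the owner with a limp and a croaky voice stays logged in, the thief is locked out on the second observation, and the owner after a serious accident is locked out on the third, which is the false rejection the article warns about.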

The Final Straw in Privacy?

Let’s face it: We’re all lazy. We’re all looking for easy ways out. The prospect of grabbing your friend’s phone and instantly opening your email on it without needing a single password is very seductive, right?

But we also need to realize we’re letting go of the steering wheel.

No longer are WE identifying ourselves to the phone. The phone is proactively identifying us – whether we like it or not. Who’s the boss in this scenario?

Somewhere there will be a database that can pick us out of a crowd just because we walk funny. It might just be me, but that has more than a hint of 'Minority Report'.

Some interesting decisions ahead.

P.S. If I told you Regina joined Google as the previous director of DARPA, would you feel better or worse?

Originally published in the SitePoint Design Newsletter.

  • boen_robot

    > But we also need to realize we’re letting go of the steering wheel.

    With Google’s car (which I am personally VERY excited about; I want it NOW!!!), this analogy is becoming a very inappropriate one. I for one (and I’m far from the only one) actually WANT to let go of the steering wheel, and let the Google car AI drive.

    On the other hand, I want to have control over my privacy, and this here is several steps too far.

    • Alex Walker

      Excellent point, @boen_robot:disqus. I thought about making the connection between Google’s car and Abacus but the post was already long. I’m glad you did and I agree.

  • Siggi Bjarnason

    I’ve long since accepted that privacy is a mere illusion these days, that in order to fully participate in today’s society there will be no privacy. The only people with privacy are the mountain men in Montana, Wyoming and similar remote locations that are living off the grid. But that’s just my personal take on things. As long as they actually get this right and it works reliably 99.99% of the time I think it is a good thing.

    • Alex Walker

      My view is probably not quite as pessimistic as yours, but I understand your position. Governments probably would have tracked every citizen in Ancient Rome or Egypt if they could have, but it was just too hard (and expensive). Technology is making that possible, so it’s hard to believe they won’t.

      • Siggi Bjarnason

        I guess I see it as realistic rather than pessimistic. As far as government tracking us, while I don’t doubt for a second that the capability exists, I just believe they are too incompetent to pull it off. Name one thing that the government has done correctly :-P
        They can’t even track terrorists, let alone law abiding citizens :-D
        Since I’ve got nothing to hide I don’t worry about stuff like that. I pity the poor NSA analyst that is assigned to track me, I hope he has a steady supply of energy drinks to keep him awake :-P
