It’s Only a Matter of Time Before Passwords and PINs Become Obsolete

Secure and convenient: Learn how biometric authentication in virtual reality and voice-enabled transactions could replace passwords.

Oct 24, 2023 - 2 min.
Picture of: Sebastian Ulbert
Sebastian Ulbert

What do online banking accounts, payment services like PayPal and marketplaces like Amazon have in common? Many of them are secured by a PIN. Simple combinations of numerals and letters are not necessarily secure because cyber criminals can easily crack them. User data and personal and sensitive information are particularly worthy of protection. This is why passwords are not enough to guarantee this security. Various technologies such as artificial intelligence (AI), virtual reality (VR) and voice control are currently the subject of intensive investigation by stakeholders such as journalists, researchers and politicians because they offer enormous development potential. The rapid development of these technologies forces us to respond to how we can protect digital identities.

The vulnerabilities of conventional passwords

Although passwords have a long history in information security, they are far from perfect. They can easily be cracked, forgotten or stolen. Many users use weak passwords or repeat them across multiple services – and in doing so, further compromise security. Many people find it tiresome to remember new and complex passwords constantly.

The security experts at Home Security Heroes applied an AI hacking tool to millions of passwords. They fed a total of 15.6 million commonly used passwords into an AI system, of which 51 per cent of which were cracked in less than a minute. This was mainly because most users rely on weak passwords that are easy to guess. For example, passwords such as ‘123456789’ and ‘password’ have topped the most popular passwords for years. These passwords do not even need to be cracked since they are already widely available in databases of frequently used passwords. In addition to these common passwords, weak passwords often use a low number of characters and feature low character variation.

Added to this is that passwords are also not particularly user-friendly – users often find them frustrating and awkward. To increase security, passwords often have to meet complex requirements – such as uppercase and lowercase, as well as special characters and numbers. This makes it difficult for users to remember their passwords. To make matters worse, complex passwords are more likely to be forgotten, leading to frequent password reset requests.

Alexa, complete the transaction

Voice-enabled transactions and passwordless authentication share common characteristics, especially with regard to the security and user-friendliness of digital transactions. The proliferation of voice-enabled virtual assistants such as Amazon Alexa means the need for passwords is increasingly being questioned. These devices allow users to make requests and execute transactions using spoken commands alone. This not only offers a more convenient user experience but also has the potential to increase security.

Amazon Alexa, for example, has the ability not only to perform tasks or requests via voice commands but also transactions. On the one hand, voice-enabled virtual assistants usually utilise advanced biometric technologies – such as voice recognition – to verify the identity of users. This ensures that only authorised persons can execute transactions. This approach also reduces the level of dependence on traditional passwords and can offer enhanced security.

VR as the key to better security in authentication

The idea behind using VR as an authentication tool is to utilise the unique biometric characteristics of each user to confirm their identity. This is done by collecting and analysing data generated while a VR system is used. The mode of operation is based on biometric principles: 

VR systems can accurately track a user’s facial and eye movements. This makes it possible to authenticate users from their gaze patterns and the way they move their facial muscles. The process of tracking hand and finger movements in a VR environment can function as a biometric feature. How a person moves their hands and gestures is unique and can be used for identification purposes. What’s more, these systems are able to detect a user’s gait and posture. The way in which each individual walks or moves can also be used as an identification feature. However, the user’s speech and voice can also confirm their identity.

The future is passwordless 

Technologies such as virtual reality and voice-enabled assistants like Amazon Alexa offer interesting opportunities to make digital transactions more user-friendly and secure. Virtual reality uses biometrics to authenticate users, while Alexa offers passwordless authentication based on voice recognition. These technologies show that the future of authentication involves using unique biometric features and convenient methods of interaction. However, the future is already upon us: passkeys enable secure authentication without a password.

Effiziente und sichere Benutzer-authentifizierung mit Single Sign-on