IoT is the password killer we've been waiting for

apple watch unlock
Credit: Alper Çuğun

IoT, with its tiny screens & headless devices, will drive an authentication revolution. It's a short leap from the kind of two-factor authentication used on the Apple Watch to proximity-based authentication that does away with any user interaction. Passwords are just the canary in the coalmine.

Does the Apple Watch spell the end for passwords? The answer may be “yes.” The Cupertino company’s latest “it” device is blowing up the “wearable technology” category, just as its iPhone did to the smart phone market more than seven years ago.

But, in the process, Apple Watch is also exposing some of the technology industry’s shrinking pains when it comes to wearable devices and other, miniatures “Internet of Things” technologies. Exhibit 1: the password.

[ Also on ITworld: Sher-locked: 12 famous passwords used through the ages ]

Needless to say, Apple Watch’s diminutive screens, which range from 272 x 340 pixels on the 38 mm model to 312 by 390 pixels on the 42 mm model, have made conventional alphanumeric passwords impractical.

That, in turn, has led to warnings that the devices are “easy to steal.” As this story on notes, the Apple Watches don’t require – or even allow - their wearer to log in, and feature a reset button that allows anyone with possession of the device to wipe its data and settings and claim it as their own. Not so with iPhones and iPads, the story notes, which have complex security and access control features that protect it from being wiped and reused by a thief.

Such dark ruminations about the strengths and weaknesses of the Apple Watch are a standard part of the “hype cycle” of revolutionary new products, which the Apple Watch clearly is. But the questions about security and the Apple Watch hide a larger truth about our near future and the fast-changing ways that we will interact with and secure the technology that animates our homes or workplaces and graces our bodies.

A brave, new, password-free world

The password is dead. We’ve known that for a while – password managers like LastPass (hacked last week) are but end-of-the-line accessories for a technology that has reached and surpassed its useful life – like a floppy disk holder or a cabinet for a big, fat cathode ray TV set.

[ Don't miss: Welcome to the Internet of Things. Please check your privacy at the door. ]

The shift to wearables and other small form-factor devices will hasten that trend, eliminating the kind of screen real estate that alphanumeric passwords require. “For the Apple Watch, the user has to be authenticated to their phone for the Watch to get updates and such. If there’s any kind of security threshold, the phone provides that,” said Marc Boroditsky, the COO of the security company Authy, which provides authentication technology for the Apple Watch.

The solution, for now, is two factor technology of the kind Mr. Boroditsky’s company offers, and that is already common on many web sites and applications, including Google, Apple’s iCloud, Facebook and more. Software sends a simple numeric code to a mobile device that can then be entered into a traditional login screen. In the case of Apple’s Watch, that numeric code is simplified to a “Yes” or “No” authorization.

1 2 Page 1
Insider: These ransomware situations can result in colossal outcomes
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies