Security Without Passwords

Sensors Insights by Christoph Meinel

Passwords are currently the primary means to secure digital identities. Research shows, however, that this security technology is no longer reliable when it comes to protecting digital identities on the internet.

First, very few people use strong passwords and even then, they often reuse passwords for several venues. Second, many service providers store passwords with weak encryption, if any at all, creating a security risk. Research at the Hasso Plattner Institute (HPI) in Potsdam, Germany, shows that each day more than ten million digital identities are leaked on the internet and can be used for criminal activities.

Password technology was invented to protect disconnected workstations onsite, at a time when the internet was not used extensively, and it has become outdated. New ways of protecting digital identities need to be developed. Currently, many tech companies focus on biometric authentication, where individuals use facial recognition and fingerprints. However, biometric data can also be leaked, and therefore the protection is not much better than passwords.

The most promising and secure approach to protecting digital identities rests on a novel technology, which was invented at Hasso Plattner Institute and developed at an HPI-tech startup called “neXenio” in Germany. Behavior-based Authentication verifies identity by using various kinds of sensors to observe the unique behavior of individuals to calculate trust levels. Through this method it can be determined whether a person is authorized to use a digital service.

Every modern smartphone contains at least 16 high-end sensors for its various applications. Those sensors can also be used to create a behavior profile of the owner of the phone. For example, how a person pulls his phone out of his pocket is unique for everyone. Smartphone sensors detect the uniqueness of such actions and distinguish between the individuals who are holding the smartphone. So, if the phone gets stolen and is used by an unauthorized person, the sensors detect the tacit changes in behavior and will shut down.

The more sensors involved in gathering behavioral information, the more reliable the trust values. Using a smartphone yields trust levels of about 70 %. Adding, for example, a smartwatch to the set with the smartphone increases the value to 90 %. This is because combining data from those devices increases the amount and quality of data about a user.

Figure 1

For some services or authorizations, trust values of close to 100 % are needed. In military or industrial environments, for example, sensors could be sewn into uniforms and constantly measure whether the movement of the person wearing them is consistent. Sensors in clothes could also measure heart rate, the movement of the chest while breathing and many more details about their wearer to create trust values of close to 100 %. However, such extremely secure authentication schemes could also be used for regular people with individual clothing.

In the future, great fashion labels will start using sensors in their clothes to provide additional authorization services. In this scenario, my Gucci shirt and trousers, which are equipped with numerous sensors, would help me to seamlessly use all kinds of digital services securely, like opening my mail and bank accounts without additional identification.

One of the most important features of this technology is that it has a high data protection standard by default. Unlike passwords or biometric data, wearable sensor data would never leave the wearer’s own devices. No personal data needs to be communicated to the external authentication authority. Only the trust value, as the representation of all behavior data, needs to leave one’s authentication device. The future of reliable, perfectly secure identification on the internet with the highest data protection standard has arrived!

 

More info is available at:

HPI: https://hpi.de/en/meinel/translate-to-englisch-security-tech/secure-identity-lab/behavior-based-authentication.html

neXenio: https://www.nexenio.com/en/products/

Demo: https://vimeo.com/250478757?loop=1

 

About the author(s)

Professor Dr. Christoph Meinel is Dean of the Digital Engineering Faculty of the Potsdam University and Director and CEO of the Hasso Plattner Institute for Digital Engineering gGmbH. He is also Director and CEO of Hasso Plattner Institute.

Prof. Meinel is an honorary professor at the Department of Computer Sciences at Beijing University of Technology and a guest professor at Shanghai University. Christoph Meinel is a research fellow at the Interdisciplinary Centre for Security, Reliability and Trust (SnT) at the University of Luxembourg. Together with Larry Leifer from Stanford University he is program director of the HPI-Stanford Design Thinking Research Program.

Christoph Meinel is author/co-author of nine books and four anthologies, as well as editor of various conference proceedings. More than 400 of his papers have been published in high-profile scientific journals and at international conferences.