End of the line for online passwords, says PayPal
- 28 February 2013
- From the section Business
If you run into problems trying to remember a password on your mobile or computer when trying to buy something, then things could be about to get easier.
The days of the lowly password are numbered.
The fact is that the way we users typically deal with having multiple passwords for our online accounts makes us too vulnerable to spyware, phishing and identity theft.
Many of us rely on the same password, while many more of us only use three or four passwords.
Ideally, the best password would be something like Az1f6&jWz - but you'd never remember it.
So the industry is looking to ditch passwords, and is turning to a variety of solutions, such as voice recognition, key stroke analysis and finger print identification.
Payments firm PayPal is one of those leading the changes, and president David Marcus says the aim is to make the whole process seamless.
"Like magic, you'll be authenticated, and the payment will go through," he tells BBC World Service's Business Daily.
"We want to move away from passwords, and get to embedded fingerprint scanners on mobile phones.
"You're going to start seeing that type of experience later this year, with a mass roll-out in the year to come."
Earlier this month, PayPal, Lenovo and others announced the formation of the Fido Alliance (Fast Identity Online) to change the way online security checks are carried out.
The idea is that users will be able to select the type of authentication that suits them best - from fingerprint scanning to USB tokens.
"The best protection is the one you don't see - it's the one that happens in the background, that verifies your identity accessing your own data," says Mr Marcus.
For PayPal, solving the password security problem is important because so many people now use it to make purchases - it has 125 million customers in more than 190 countries.
"You shop offline more than you shop online, but in most of these transactions mobile is involved now," says Mr Marcus.
"As the offline market is 17 times bigger than the online market, there is still huge untapped potential for us."
Since taking over as chief executive last April, he says PayPal has been changing the way it develops services for customers.
"Every large company gets slower after a while, and you need to reinvigorate the troops and invent products that are truly disruptive."
The key driver for this has been the way in which customers are increasingly using phones, tablets and other handheld devices to make purchases.
Last year, PayPal recorded $145bn (£95bn) in total transactions, of which $14bn were via mobile devices, says Mr Marcus.
"But the year before it was sub-$4bn."
Of course, PayPal is not the only company working on solutions that don't require users racking their brains to remember passwords.
In Sweden, behavioural biometrics firm BehavioSec has developed a system, which is already in use in Swedish banks, that focuses on how we behave on our computer or mobile.
"We can capture the rhythm of how users type - the speed between the keystrokes," says chief executive Neil Costigan.
In collaboration with phone manufacturer Samsung, the firm has also developed a smartphone app which learns and then recognizes the way a phone user enters his or her PIN.
Even if someone else who knows your PIN tries to use your phone, they will not be allowed access, as they would also need to mimic your behaviour to fractions of a second, says BehavioSec.
"It is no longer sufficient to enter the correct password or PIN code, it has to be entered the correct way," says Mr Costigan.
'Pay my mobile bill'
Meanwhile, US speech technology company Nuance has developed voice recognition software that is already in use with Barclays Bank in the UK and USAA Bank in the United States.
Nuance's "Nina" app allows companies to add a speech-enabled virtual personal assistant function to their existing smartphone apps.
"USAA Bank has been trialling the technology with a select group of customers, and is now launching the technology globally with a release in 38 languages," says Nuance.
"It is set to be adopted by banks, utilities and telecoms firms worldwide."
A customer can open the app and say "pay my mobile phone bill", and Nina will verify their identity through the sound of their voice and pay the bill, it adds.
Nuance insists that there is no way fraudsters will be able to circumvent this.
All of which should be welcome news for those of us who continually have to email our online retailers for new passwords, because we've forgotten the one we asked them for the last time we tried to buy something from them.
Justin Rowlatt's interview with David Marcus, president of PayPal, was broadcast on Business Daily, BBC World Service, at 08.32 GMT, 1 March 2013