Passports
I have, along with citizens of over 150 countries, a biometric passport. A special camera is used to capture the biometric information at the time of passport application. Each such passport contains a chip storing standardised biometrics for facial recognition, fingerprint recognition, and iris recognition. That data is contained on the passport I carry around and show to various authorities from time to time. But all that data is also stored on the computers of the issuing authority.
What then is the need for the passport itself?
Passing through a passport control involves some device which checks some part, or all, of my biometric information which is then matched against the information contained on the chip in the passport I am carrying. It is not checked against the original data stored when the passport was issued. Faking a passport involves matching the data on the chip to the person carrying the passport. In fact, this check only shows that the person carrying the passport matches the data on the passport. As long as the passport is genuine such a check is an identity control. But it is an indirect control. Such a check says nothing, directly, about the identity of the person carrying a passport.
The passport itself is just a carrier of data which exists somewhere else. It’s function is only to provide a controlling authority with access to the data of the passport bearer. It will not be long before the biometrics stored by passport issuing authorities are accessible directly in the cloud for checking against the actual biometrics of a physical person. The passport itself then has no function. Technologically it is already possible to do this today. But it will need more security to prevent unauthorised access to this data and some more time before the political will to allow this exists. The real technological challenge will be to prevent the accidental or intentional corruption of the master data. Already standard, on-the-street, cameras in some Chinese cities are connected to master data bases such that the camera image (facial + motion recognition) is sufficient to match the person against the master data.
I am who I am. I do not need a passport to tell me who I am. The personal integrity issues that are sometimes quoted against such expansion of the use of technology are spurious and misguided.
It may not be quite in my lifetime but passports are becoming obsolete.
Passwords
Passwords are already on the way out.
Microsoft has announced users can now delete all passwords from their accounts and instead login using an authenticator app or other solution. The technology giant made passwordless accounts available for business users of its products in March. And that system is now being made available to all Microsoft or Windows users. It said “nearly 100% of our employees” were already using the new, more secure system for their corporate accounts.
If passwordless login is enabled, users re-logging in to a Microsoft account will be asked to give their fingerprint, or other secure unlock, on their mobile phone. “Only you can provide fingerprint authentication or provide the right response on your mobile at the right time,” it said.
Windows users will still be able to use quick-login features such as a Pin code, though. Some rare exceptions will still need passwords, such as Office 2010, Xbox 360 consoles, and Windows 8.1 or earlier machines.
………. Security vice-president Vasu Jakkal wrote: “Passwords are incredibly inconvenient to create, remember, and manage across all the accounts in our lives. “We are expected to create complex and unique passwords, remember them, and change them frequently – but nobody likes doing that.”
The k2p blog 