The days of using a password to access a bank account or cellphone will soon be a thing of the past, President Obama’s top cybersecurity adviser said Thursday.
The risk of getting hacked by criminals has grown so widespread that far more sophisticated identification technology — including biometric scanning devices — will become the norm, said Michael Daniel, the White House’s cybersecurity coordinator.
“You’ve started to see some of that with the emergence of the fingerprint readers,” said Mr. Daniel, adding that the technology will become increasingly mainstream as cellphone cameras, “hard” card readers and other authentication gadgets replace the annoying process for millions of Americans of punching in a password to confirm their identity.
“Frankly, I would really love to kill the password dead as a primary security method because it’s terrible,” Mr. Daniel said at an event hosted by the Center for National Policy, Northrop Grumman Corp. and the Christian Science Monitor
Since passwords can so easily be hacked, a variety of new technologies will provide more protection and some “will be biometric related,” he said.
Mr. Daniel’s comments come against a backdrop of recent friction between the U.S. Justice Department and private tech giants like Apple, which unveiled a host of new privacy features for its iPhones and iPads last month designed to frustrate government snoopers.
Features like fingerprint scanners on phones are popular because consumers believe such advancements will protect them from government intrusions on their private data.
FBI Director James Comey lashed out on the subject in late-September, accusing tech companies of “marketing something expressly to allow people to place themselves beyond the law.”
So far the Obama administration has been reluctant to push legislation that would require private companies to take any specific cybersecurity measures.
In February, however, the administration launched a “Cybersecurity Framework,” described as the “result of a yearlong private-sector led effort to develop a voluntary how-to guide for organizations in the critical infrastructure community to enhance their cybersecurity.”
Mr. Daniel one point told the audience that the administration feels strongly that “market forces” can be trusted to take the lead on guiding private companies toward taking sufficient cybersecurity measures without heavy government intervention.
But he later said there are concerns inside the White House that almost all private companies — when left to their own devices — have a habit of not paying enough attention to cybersecurity threats.
“Expediency will trump cybersecurity every time,” he said.
But resistance to putting legal requirements on companies like JPMorgan Chase and others such as Target and Home Depot — two others that have fallen victim to hackers over the past year — stems from the fact that “the speed of regulation does not move at the speed of technology,” he said.
The government has to be “mindful” that any regulations will probably be outdated by the time they are issued, he added.