The Obama administration’s top cybersecurity official wants to get rid of passwords.
“Frankly, I would love to kill the password dead as a primary security method, because it’s terrible,” said Michael Daniel, the White House cybersecurity coordinator, during a discussion Thursday hosted by the Center for National Policy and The Christian Science Monitor.
So what would replace the password? Daniel suggested that “selfies” would be one possibility. A device could scan a photo of a person’s face and grant access only to the right one.
“You could use the cameras on cell phones, which are now ubiquitous, so the selfies are used for something besides posting on Facebook,” Daniel said.
Fingerprint scanners, which are already in use on iPhones, are another possibility, Daniel said.
The important thing, he emphasized, is that companies develop technologies that are secure but that also recognize how people actually behave. If a security measure is too complicated or difficult, people just won’t use it, he warned.
Daniel gave a cautious answer when the moderator asked him about new security measures from Apple and Google that protect private phone data—even from police officers with a warrant.
Attorney General Eric Holder and FBI Director James Comey have attacked the new encryption policies, warning they could derail attempts to save kidnapped children and other critical police investigations.
“Even things that are in safes or other places are reachable by search warrant in many cases,” Daniel said. “We don’t want to have something that puts it utterly beyond the reach of law enforcement in appropriate circumstances.”
But on the other hand, he said, it’s also important for companies to improve their use of encryption.
“This is a really hard area, and I think the reason that you see, we’ve had debates about encryption going back decades,” Daniel said.