January 29, 2011 07:55 AM ET
Computerworld - Imagine sitting down at a public PC, surfing the Web, visiting Facebook, checking your online bank account and buying something on Amazon.com -- all without entering passwords or credit card information. It gets better. You get up and leave without even logging out. Some shady criminal type sits down at the same PC and finds his attempts at cracking your password foiled at every turn. Your accounts can't be accessed because your phone is no longer on the desk.
It gets better still. Hop in your car and press the "Start" button -- no key necessary. The car knows it's you after you wave your phone over the dashboard, and it adjusts the driver's seat and steering wheel just for you.
On your way to work, you swing by Starbucks to grab a Trenta Iced Cafe Mocha with whip. To pay, you wave your phone over a terminal on the counter, grab your drink and head for work.
Arriving at the office, you sail past security with doors unlocking automatically as you approach them. When you walk into your office, the lights and PC come on auto-magically.
But what's this? While you were out, IT replaced your old-and-busted PC with the latest and greatest. The PC is a blank slate, and it's unaware of your data or settings. No worries. Just drop your phone on the desk, and the system instantly implements your settings and begins downloading your work documents from the cloud.
While all this is happening, a co-worker walks in talking smack about the game yesterday -- and the ill-advised bet you lost. You owe him $10, so you both pull out your phones. You launch an app, type in the number 10, and tap the phones together to transfer the money.
All this has taken place without a single password or credit card.
The magic happens when you can combine a biometric ID system (which uses some kind of scan from a smartphone to verify that you're actually in possession of the device) with a secure short-distance wireless communication technology that other devices (cash registers, PCs etc.) can read.
What's wrong with passwords?
Why do we need a new ID system? Because most users don't create secure passwords, and they can't always remember the ones they create.
On any public system -- like, say, Facebook -- if a hacker tries the 20 most common passwords on enough accounts, he'll eventually break in. Any two-bit suburban script-kiddie can download free software to crack the majority of passwords on a public system within hours.
Many people use a single password for all accounts. Once a hacker gains access to the password, he can wreak havoc, steal your identity, destroy your credit, ruin your relationships and expose your secrets.
Password protection -- or lack thereof -- is the IT industry's dirty little secret. Passwords are a broken and obsolete model, yet everyone relies on them and pretends they do what they're supposed to do.
The obvious password replacement is biometric identification -- the use of a system capable of recognizing unique physical attributes, such as fingerprints, iris patterns or voices.
Far too many people don't trust biometrics because it feels like Big Brother technology. But I believe that if the biometric system resides on the user's cell phone, and is under the user's control, such technology would be far more acceptable to the public.
How Apple will kill passwords
Apple doesn't discuss future product plans, but it appears likely that the company is aggressively pursuing the development of technologies that replace IDs, passwords and credit cards.
Two years ago, Apple was in the news for patenting a range of biometric ID tools for the iPhone, such as a voice recognition system, a retinal scanner that uses the phone's camera or, most likely, a system that uses the screen to scan fingerprints.
Last year, Apple hired an expert in Near Field Communication, or NFC, to head up the company's Mobile Commerce department. NFC is technology that enables the transfer of data over distances of just a few inches -- a model that's far more secure and reliable than, say, Bluetooth. Other inside sources have been quoted as saying that Apple plans to build NFC into the iPhone 5.
Apple has also recently advertised three job openings related to payment platforms and short-range wireless data transfers.
And Apple has been granted NFC-related patents.
Apple is in a unique position to add biometric ID and the short-range communication technology that would make it effective.
Because Apple makes both handheld devices and PCs, it could easily build support into both. And because Apple already maintains one of the largest e-commerce systems in the world -- the various iTunes stores -- it already has most of the infrastructure for payments in place -- and the credit card numbers of millions of customers.
Most important, however, Apple has proved to be the best company in the industry at taking research concepts that have been going nowhere for years and mainstreaming them overnight. It did that with multitouch user interfaces, cell phone videoconferencing and touch tablets. And it could do it with biometrically secured NFC ID and commerce systems.
In other words, all Apple needs to do in order to turn the iPhone into a universal debit card is to add a tiny, inexpensive chip to the device. And all Apple needs to do in order to make the iPhone a universal secure ID is to add a fingerprint scanner to the phone and put another chip in its various desktop systems.
Of course, it could be a while before you can use an iPhone as a universal debit card. It could take Apple some time to establish the partnerships and programs necessary to get every gas station and grocery store to support iTunes. But the password-killing ID card functionality could exist on Apple systems as early as this year, or most likely next year.
How Google will kill passwords
Google, meanwhile, does discuss (some) future plans. CEO Eric Schmidt announced late last year that Android Gingerbread 2.3 and later versions will support NFC at the software level. It's up to Google's hardware partners to build that functionality into Android devices.
Google is already using cell phones to improve security. The company has a universal password log-in that grants admission to most of its many online services, from Gmail to Google Latitude. Google encourages users to associate that single sign-on password with their cell phone number. If someone hacks your Google password, you can get a new password sent to your phone.
The Android platform has also been at the forefront of workable biometric solutions for cell phones. In fact, you can already download Android apps that do face recognition and iris scanning.
What doesn't exist yet is a Google-approved or Google-designed system that ties it all together -- NFC, payment and biometric ID. But with Apple apparently taking the lead when it comes to using a cell phone as a debit card and a universal ID, you can be sure Google will step up and do whatever is necessary to compete.
I believe that it will soon be possible to live without passwords or credit cards. If Apple builds in these capabilities, you can be sure Google will. And if Apple and Google do it, so will all of their competitors.
It won't be easy -- we can look forward to messy standards and privacy battles. But once they ship cell phones that can replace both passwords and credit cards, I think life will be more convenient -- and more secure.
Mike Elgan writes about technology and tech culture. Contact and learn more about Mike at Elgan.com, or subscribe to his free e-mail newsletter, Mike's List.