Farewell signature, farewell password…
The four largest US credit card companies, American Express, Discover, Mastercard and Visa, have collectively announced they will stop asking establishments that use their network to take customers’ signature to complete a transaction. The move makes sense: signatures provide no real security: employees in restaurants and stores have no way to verify a signature and there are any number of examples of people using doodles or even drawings when signing a purchase made with a credit card.
In short, technology has eclipsed the need for a signature through the use of PINs and biometrics, such as the fingerprint or the face for smartphone payments. Increasingly, we are even using selfies or scans of identity documents for contracts or when we open a bank account.
Joining the signature on the road to extinction is the password, thanks to the growing use of password managers which mean we no longer have to remember the same password for everything or keep a long list of them written down lest we forget them. Instead, services like LastPass, 1Password and others create random passwords for each of the many services we now access online. At the same time, biometrics are increasingly coming into play. Each morning I put on my smartwatch, which is unlocked when I point my smartphone by looking quickly at the screen. When I open my laptop, the same thing happens: it is unlocked by the presence of my smartwatch on my wrist, although it can also be unlocked by fingerprint or a password, which obviously I have stopped using except when I restart it or for the few operations that still require it. Logins to shared computers are only completed when I confirm it through one of the devices I carry with me, providing an additional level of security. Soon, a new security standard proposed by W3C, WebAuthn and already accepted by Google, Microsoft and Mozilla, will coordinate how we access web-based services and will be incorporated into most of the main browsers.
It is now only a matter of time before time is called on the notary public, on signatures on contracts and minutes, or when checking into a hotel. And no more memory tests and the discomfort of having to click on “forgot my password”. Biometrics and password managers have become pretty much ubiquitous thanks to the growing use of sensorization technology. If in your company you still regularly have to write your John Doe or enter passwords, you may want to rethink those processes and boost your security in the process.
(En español, aquí)