In the greatly desirable move to eventually step away from password use, the company is rejecting bio-based sign ins.
Gregg Stefancik, a Facebook engineer, has now revealed that while he would like to eventually bring the social media company away from its reliance on traditional passwords for security, he would find that QR codes are a far superior replacement, particularly when compared to biometrics, which are being considered – and already used – by other companies.
In fact, Stefancik was greatly and vocally opposed to the use of biometrics for this purpose.
The engineer – and leading security architect at the company – recently appeared in Australia, where he explained that he would eventually prefer to use QR codes or other forms of hardware tokens in order to allow users to securely log into their accounts. In the meanwhile, Facebook is encouraging its users to choose to take on an additional level of security through a two factor authentication process while signing in.
Stefancik feels that a solid two factor authentication, perhaps with QR codes, would be adequate for eliminating passwords.
He explained that “If we were in a world where every user had reliable two-factor authentication, then we could maybe get to a point where we are not worrying about passwords. My vision for security in Facebook over the next few years is that I’d like us to move away from the dependency on passwords altogether.”
Still, he does not feel that biometrics are the key. In fact, he flat out stated in an interview that he “hates” them. The reason is that “I can’t change them.” Among the features that he feels is most important in credentials is that “they’re revocable.”
It is his belief that a growing body of research is providing evidence that biometrics are not difficult to fake or to spoof. He underscored this statement by pointing out that it is extremely simple to conduct an internet search to find the information needed to falsify fingerprints or even forge images of the iris. Therefore, in Stefancik’s efforts to keep Facebook accounts secure in the future, he is looking away from biometrics and toward hardware tokens. The solutions that he is currently considering include QR codes and other software code generation.