
Whether you log in to one device, one application, or more, passwords have become the norm for securing our accounts from unauthorized access. Did you know that some of the weakest passwords you can set are those that use your name, birth date, username, or e-mail address, or that are all lowercase or all uppercase? In this article, I will dive into how to create a complex password and how biometrics coupled with AI can enhance user validation.

Did you know that following these tips will make your account more secure?

Before we get into biometrics and AI, let us talk about passwords and why they were designed. Your phone, computer, software, car, and a variety of IoT devices utilize passwords to ensure that only authorized people can access the resource. Did you know that The Home Depot has a PIN pad beside many of its cutters? They use this to ensure only authorized staff can power the device on and cut. This does two things: it ensures that only those allowed to use the machine do so, and it prevents an accidental user from getting hurt by the power.

Did you know PIN codes were first introduced in 1967 with the ATM?

Did you know that in 1967, ATMs (Automated Teller Machines) required PINs to provide a fast, secure way to know if the machine should dispense cash to the customer standing before it? The first ATM was installed at Barclays Bank in London; it accepted both checks and cash and utilized MICR (magnetic ink character recognition), in which the routing, bank, and check numbers were printed with a particular type of ink called carbon 14, a slightly radioactive substance. Did you know the concept of a PIN was first conceived by John Shepherd-Barron and later revised by his wife Caroline, taking a 6-digit PIN to a 4-digit PIN to make it easier to remember?

Did you know that about 11% of 3.4 million passwords are 1234?

Did you know the most popular password is 1234, and the second most used is 1111? Many people, including bad actors, know this and get into many accounts while barely trying. When asked to create a four-digit PIN, many people choose their birthday and year or the four-digit year only. A 4-digit PIN allows 10,000 combinations, and the twenty listed below are the worst.

What are the worst 4-digit pins you should never use?

When choosing a 4-digit PIN code, you can use a unique number for an event unavailable online or through a public records search. The twenty PIN codes that should never be used are 1234 with 10.713% usage, 1111 with 6.016% usage, 0000 with 1.881% usage, 1212 with 1.187% usage, 7777 with 0.745% usage, 1004 with 0.616% usage, 2000 with 0.613% usage, 4444 with 0.526% usage, 2222 with 0.516% usage, 6969 with 0.512% usage, 9999 with 0.451% usage, 3333 with 0.419% usage, 5555 with 0.395% usage, 6666 with 0.391% usage, 1122 with 0.366% usage, 1313 with 0.304% usage, 8888 with 0.303% usage, 4321 with 0.293% usage, 2001 with 0.290% usage, and 1010 with 0.285% usage. Thus, from this data, it is clear that humans are unfortunately predictable, and a password should not be something commonly used or known. Longer passwords are always better than shorter ones, but it is crucial that they are random rather than sequential and lack repeating digits.
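The check below is an added example, not code from the original article: it rejects a candidate PIN at enrollment and totals how many accounts fall to the first few guesses before a lockout. The usage figures are the ones quoted above; the function names and the year rule (any PIN starting with 19 or 20) are assumptions made for illustration.

```python
# Usage percentages for the twenty most-used PINs, as quoted in the article.
TOP_PINS = {
    "1234": 10.713, "1111": 6.016, "0000": 1.881, "1212": 1.187,
    "7777": 0.745, "1004": 0.616, "2000": 0.613, "4444": 0.526,
    "2222": 0.516, "6969": 0.512, "9999": 0.451, "3333": 0.419,
    "5555": 0.395, "6666": 0.391, "1122": 0.366, "1313": 0.304,
    "8888": 0.303, "4321": 0.293, "2001": 0.290, "1010": 0.285,
}

def exposure(attempts_before_lockout):
    """Percent of accounts whose PIN is among the N most-used PINs."""
    ranked = sorted(TOP_PINS.values(), reverse=True)
    return round(sum(ranked[:attempts_before_lockout]), 3)

def weak_pin_reasons(pin):
    """Return why a 4-digit PIN should be rejected (empty list = accepted)."""
    if len(pin) != 4 or not pin.isdigit():
        raise ValueError("expected exactly four digits")
    reasons = []
    if pin in TOP_PINS:
        reasons.append("on the most-used list")
    if len(set(pin)) == 1:
        reasons.append("single repeated digit")
    # Step between neighbouring digits, modulo 10: all +1 or all -1 is a run.
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {9}):
        reasons.append("sequential digits")
    if pin[:2] == pin[2:] or (pin[0] == pin[1] and pin[2] == pin[3]):
        reasons.append("repeated pair")
    # Assumption: PINs starting with 19 or 20 are treated as a birth or event year.
    if pin[:2] in ("19", "20"):
        reasons.append("looks like a year")
    return reasons

if __name__ == "__main__":
    print("accounts exposed to 3 guesses: %.3f%%" % exposure(3))
    for candidate in ("1234", "1987", "8305"):
        print(candidate, weak_pin_reasons(candidate) or "accepted")
```

With a three-attempt lockout, the three most-used PINs alone cover more than 18% of accounts, which is why rejecting them at enrollment matters more than the size of the 10,000-PIN space.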

How do we create better pins and passwords?

One great technique with numerical pins on ATMs is to spell out a word, but since it is still entered as a number, the complexity is slightly masked.  Many people want to find an ordinary word found in the dictionary, but that will be cracked in no time.  Others realize they need to capitalize a letter, so they may enter Watch, thinking it will be fine since it has an uppercase letter.  When developing a new password, ensure it has at least 12-15 letters, one uppercase letter, one number, and one symbol, not just one word.  If we want to make the Watch password more secure, the user might try changing it to M0vieW@tcher2024!  First, the password has 16 letters, so that’s good. Next, it has more than one uppercase letter and lowercase letters.  Here, we substituted some letters with symbols and numbers to make guessing harder.

Did you know that the minimum password requirements for banks often frustrate people?

Many banking sites have changed their minimum password requirements since they have gotten hacked in the past. They will often say you should create a strong password: choose a word that is difficult to guess, has at least 12 characters, and contains at least one uppercase letter, number, and symbol. Then, they may even kick it up by requiring it not to be one of your last five passwords. All banks suggest using Multi-Factor Authentication (MFA) but do not require it to be activated. As more of them get their accounts hacked, I believe MFA enablement will become a requirement and not just a suggestion.

What password types should you not choose unless you want your accounts hacked?

Now that you have an understanding, it is clear that choosing the right type of password will help to keep your accounts safe from bad actors. Remember, you should always use MFA so that only you can access your private content. Using a simple password may seem best because you will remember it, but many bad actors will try these first. Stay away from 123456, 12345678, repeating numbers, password, password1, I love you, qwerty, 1q2w3e, qwertyuiop, abc123, or sequences. If a password is easy to guess, don’t use it, as your account is already toast. Don’t consider using special public dates like birthdays or wedding days; if you agree to do all these, kudos! I know you have many websites, but using the same password on all sites is a recipe for getting hacked sooner or later. Remember to use a complex password and enable MFA on all accounts.
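The bank-style rules described above (at least 12 characters, an uppercase letter, a number, a symbol, not one of the last five passwords) and the list of passwords to stay away from can be enforced with a check like this. It is an added example, not code from the original article or from any bank; the function names, the scrypt parameters, and the history format of (salt, hash) pairs are assumptions.

```python
import hashlib, hmac, os, string

# Passwords the article says to stay away from (lowercase, spaces removed).
COMMON = {"123456", "12345678", "password", "password1", "iloveyou",
          "qwerty", "1q2w3e", "qwertyuiop", "abc123"}

def _digest(password, salt):
    # Assumption: scrypt with illustrative cost parameters as the stored hash.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

def remember(history, password, keep=5):
    """Return history plus a salted hash of password, trimmed to the last `keep`."""
    salt = os.urandom(16)
    return (list(history) + [(salt, _digest(password, salt))])[-keep:]

def violations(password, history=()):
    """List every rule the candidate breaks; an empty list means accepted."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")
    if password.lower().replace(" ", "") in COMMON:
        problems.append("commonly used password")
    if len(set(password)) == 1:
        problems.append("one repeated character")
    # Reuse check: re-hash under each stored salt and compare in constant time,
    # so old passwords never need to be kept in plain text.
    if any(hmac.compare_digest(_digest(password, salt), old)
           for salt, old in history):
        problems.append("matches one of the last five passwords")
    return problems

if __name__ == "__main__":
    history = remember([], "M0vieW@tcher2024!")
    for candidate in ("Watch", "I love you", "M0vieW@tcher2024!"):
        print(repr(candidate), violations(candidate, history) or "accepted")
```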

Did you know that in the biometric industry, many organizations are releasing standards for security?

Passwords have always been important, but with all the bad actors, MFA utilizing biometrics is no longer a luxury but a necessity to secure accounts and your identity. ISO (International Organization for Standardization), IEC (International Electrotechnical Commission), NIST (National Institute of Standards and Technology), and STQC (Standardization Testing and Quality Certification) are releasing new security standards concerning biometrics, many taking an AI approach.

Did you know that AI Face recognition has been around for a while but has caused issues?

In 1993, DARPA (Defense Advanced Research Projects Agency) and the ARL (Army Research Laboratory) developed FERET (Face Recognition Technology) to match up facial images with a database to be used in a live environment for security, intelligence, and law enforcement. Unfortunately, the false read rate of FERET was anywhere from 10 to many times over 1000 reads. Issues were noticed with different skin colors and tones, certain facial features such as facial hair, etc. These ambiguities can be resolved by combining DL (Deep Learning) and ML (Machine Learning).

When did fingerprints become digital?

In 1980, NEC received a U.S. patent for automatic minutiae detection. This technology allowed the detection of endpoints and the splitting into two parts on a thin ridged skeleton regarding the number of adjacent pixels. Immediately after this award, they began marketing their new automated fingerprint identification system in the United States a few years later. By 1999, the FBI had an Integrated Automated Fingerprint Identification System (IAFIS), which stores fingerprints, known as biometrics, in a database. Fingerprint reading has also been plagued with inconclusive scans due to skin color, tone, damaged fingerprints from scars, and even those with tiny fingerprint surface areas. The AI field is hoping to solve this issue by utilizing Artificial Neural Networks (ANN), Deep Neural Networks (DNN), Support Vector Machines (SVM), and even Genetic Algorithms (GA).

Did you know many companies are utilizing retina or eye scanning to validate identity?

Retina scanning originated in 135 but was not used commercially until 1984 by EyeDentify. Today, iris scanning is used instead. Although retina scanning is 20,000 times more accurate, it requires the person to focus on a single point for 15 seconds. Dr. Frank Burch discovered the concept of iris scanning in 1936 and stated that the complex patterns of an individual's eye could be used to differentiate them from another. Today, iris scanning, even though it is less effective than retina scanning, is used because it is more user-friendly: it uses contactless digital photography to verify identity. Research teams have already used ML to teach a system to distinguish a live person’s iris from that of someone who has passed away. Did you know they were 99% effective with this technology? Unfortunately, they did hit one snag: the person had to be deceased for at least sixteen hours for it to read correctly.

Did you know that AI has already given us three new ways of identification?

Did you know that AI can recognize someone using keystroke dynamics? Keystroke dynamics measure how a person presses the keys and the time lapse between presses, and then create a profile to quickly identify them later. Another method, derived from AI while teaching robots how to walk, is analyzing a person’s gait. In gait recognition, the system measures the person’s walking pace, speed, and G-force and then creates a profile to identify them easily later. Lastly, AI has also brought us emotion detection, the ability to measure face mimics, micromovements, and facial muscles, register a specific emotion, and then allow it to be retrieved later for identification.
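To make the keystroke-dynamics profile concrete, here is an added example (not from the original article) that measures dwell time (how long each key is held) and flight time (the gap between one release and the next press), builds a profile from several enrollment typings, and scores a later attempt against it. The timing samples are constructed, and the scoring method (mean absolute z-score) and the 2.0 threshold are assumptions chosen for illustration.

```python
from statistics import mean, stdev

def features(events):
    """events: [(key, press_ms, release_ms), ...] in typing order.
    Returns dwell times followed by flight times."""
    dwell = [up - down for _, down, up in events]
    flight = [nxt[1] - cur[2] for cur, nxt in zip(events, events[1:])]
    return dwell + flight

def enroll(samples):
    """Profile = per-feature (mean, std) over several typings of the same text."""
    vectors = [features(s) for s in samples]
    # Floor the spread at 1 ms so a very consistent typist cannot divide by zero.
    return [(mean(col), max(stdev(col), 1.0)) for col in zip(*vectors)]

def score(profile, events):
    """Mean absolute z-score; lower means closer to the enrolled rhythm."""
    vec = features(events)
    if len(vec) != len(profile):
        raise ValueError("sample does not match the enrolled text length")
    return mean(abs(x - m) / s for x, (m, s) in zip(vec, profile))

def accept(profile, events, threshold=2.0):
    # Assumed threshold; a real system tunes it against false accepts/rejects.
    return score(profile, events) <= threshold

# Constructed timings (milliseconds) for one user typing "pin" three times.
ENROLLMENT = [
    [("p", 0, 95), ("i", 160, 250), ("n", 330, 430)],
    [("p", 0, 100), ("i", 170, 255), ("n", 340, 445)],
    [("p", 0, 90), ("i", 150, 245), ("n", 320, 415)],
]
SAME_USER = [("p", 0, 97), ("i", 165, 253), ("n", 335, 432)]
OTHER_USER = [("p", 0, 140), ("i", 260, 390), ("n", 520, 660)]

if __name__ == "__main__":
    profile = enroll(ENROLLMENT)
    for name, attempt in (("same user", SAME_USER), ("other user", OTHER_USER)):
        print(name, round(score(profile, attempt), 2), accept(profile, attempt))
```

The other typist enters the same three keys correctly but is rejected on rhythm alone, which is what lets keystroke dynamics act as a second factor on top of the password itself.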

What does all this mean to me?

AI with DL & ML has helped us take many leaps, and there will be many other boundaries to cross with the evolution of these AI tools.  We have learned that researchers and scientists work daily with AI in the biometrics industry to improve the accuracy of recognition and its performance.  Unfortunately, many bad actors can exploit software and hardware, and development teams and manufacturers are not paying attention to this risk.  While technology in security appears impressive, choosing to implement it without the proper safeguards may hinder a company, county, state, or even the world.
