
As more of life happens online, from banking to socializing, the number of usernames and complex passwords we must keep track of has multiplied to staggering proportions. Is there an end in sight for having to create so many different logins?
Looking ahead, experts predict that we will further embrace “universal logins” that let us sign in once to gain access to our Web services. Before long, cell phones may serve as personal keys to our own online kingdom. Secure logins might be based more on physical characteristics, such as iris patterns and voices, which cannot be forgotten or misplaced. And further down the road, we may transcend the need for passwords online as we become truly integrated into the electronic realm.
To be effective, today’s usernames and passwords often require a complex mix of capital letters, numerals and special characters, such as a pound symbol, with requirements varying by Web site. Although onerous, these requirements have been widely adopted and successful in discouraging registrants from picking easy passwords, such as the name of their pet or a common dictionary word.
From the security point of view at least, that’s a good thing. But remembering several complex and hopefully effective passwords can be a bad thing.
For many people, the pain of logging in has been eased via “password managers”. These programs, usually part of Web browsers such as Mozilla Firefox, remember usernames and passwords and automatically populate these fields onscreen.
While sparing some keystrokes and aggravation, this setup poses an obvious security threat if a computer is stolen. It can also leave one in the lurch when trying to sign in to Web sites from another computer.
One login
In place of juggling dozens of logins or relying on password manager prompts, many “single sign-on” services have emerged, which create a master login that then works across different Web sites.
In the online world, this credential translates to accessing multiple services. Some 9 million Web sites now accept the single sign-on called OpenID that is authenticated and issued by big companies including Google and Yahoo!.
Going mobile
Yet critics of single sign-on cite the “all eggs in one basket” risk it carries – if one Web site’s security is compromised, then all others accepting a user’s single sign-on can be as well.
Plus, electronic credentials can be forged, especially over the Internet.
In just a few years, Bob Blakley of the research firm Burton Group thinks single sign-on will instead be done right from our cell phones. Though cell phones can be lost, people have developed almost a “psychic affinity” for them, Blakley said, realizing quickly when the device is gone, unlike an electronically hacked username and password. In this way, cell phones could act as the “keys” to let us securely log in to our computers or right into our Web services without entering additional sign-ins once there.
Personalized passwords
These things include technologies based on biometrics – the measurement of a unique or highly personal physical characteristic, such as fingerprints or iris patterns, to prove identity.
Herring’s company makes the Palm Secure, a desktop device geared for businesses that uses near-infrared light to read the vein patterns in employees’ palms for secure logins. Herring said the device’s false acceptance rate is just 0.0008 per cent, compared to about one per cent for the fingerprint scanners commonly found on laptops.
But, however low error rates get, all biometrics are inherently unreliable at some statistical level.
Furthermore, environmental conditions can mess up biometric-based logins. A noisy airport can interfere with voice recognition, for example, not to mention a voice-altering cold or injury.
Recognizing the future
In perhaps a decade, Blakley thinks logging in will no longer rely on authentication – proving who one is to a computer or an online registry – but instead recognition will take over.
As bandwidth continues to increase, electronic presences will increase to such an extent that Web services and companies will be able to tell who one is without the online consumer having to present a secret code.
The traditional logging in with a username and password might go the way of the floppy disk.
Still, despite their flaws, passwords have a long historical precedent that may be hard to break from in the future online world.