Late last year, mobile software vendor SplashData crowned “123456” as the most popular password used on the Internet. It even beat the not-so-cunning “PASSWORD,” becoming the weakest one used in 2014.
Not surprisingly, an uptick in ID theft and account breaches was also registered last year. One particularly interesting episode we can all recall was a widely publicized celebrity nude leak.
Tech vendors obsessively advise that users employ a strong password – typically longer than 8 characters of varying types – and two-factor authentication (TFA), but even that’s not enough in the face of phishing scams and keyloggers.
“Kill the Password Dead”
White House cybersecurity coordinator Michael Daniel believes traditional strings of characters have become so futile that they should be completely eradicated. Once the definition of security, passwords nowadays are anything but safe.
“I would love to kill the password dead as a primary security method because it’s terrible,” Daniel said at a security forum.
Breaches of major retailers and banks resulted in tens of millions of passwords getting stolen last year, while identity theft remains the biggest source of fraud complaints in the United States, according to AFP. Mobile commerce also incurred a massive blow.
It’s high time we authenticated smarter
Daniel maintains that passwords should be completely replaced with biometric solutions. Ramesh Kesanupalli, vice president of the standard-setting Fast IDentity Online Alliance (FIDO), agrees. He sees fingerprints and retina scans as far more secure than even multi-factor authentication.
“If you don’t eliminate dependency on the password you’re not solving the problem, you are only treating the symptom,” Kesanupalli said.
No shortage of choices
Biometric authentication, such as fingerprint scanning or facial recognition, isn’t exactly a novelty. Yet somehow it has failed to gain widespread adoption in some areas, such as desktop computers and data centers. But if Apple’s Touch ID is any indication, we’re in for a huge uptick in adoption.
The California-based behemoth not only offers the fingerprint sensor in phones, but also in tablets. Qualcomm itself offers 3D fingerprint technology as well, and Samsung also equips some phones with the lofty authentication tech. But there’s more than one way to unlock a system with your physiological particularities.
Another widespread solution is facial recognition, which uses specialized software that leverages a device’s built-in camera. Voice recognition works in pretty much the same way, but by taking advantage of a microphone this time. And if we’ve learned anything from James Bond movies, it’s best to use these technologies in tandem to better safeguard our information.
While your phone may or may not contain more-or-less sensitive information, a company server will hold tons of data that cannot risk getting leaked. A data breach is one of the worst things that can happen to a large business, making it imperative for biometrics to start gaining traction in this particular sector as well.
It’s worth noting that biometric solutions can be foiled too, though doing so is a tad harder. One major weak point is the nature of the data required to authenticate – it’s public. Everyone can see your face, hear your voice, and even lift a fingerprint off you. The real problem lies at a software level, where these “tokens” get interpreted. If the system isn’t taught to sense a fake, a biometric lock becomes about as useless as 123456.