As the recent massive data breach experienced by credit report company Equifax shows, passwords don’t do much to safeguard security in the digital world.
The Death of the Password?
First, passwords do little to protect consumers if their personal information is in the hands of hackers. Passwords can be guessed from personal information. They can also be reset by skillful cyberthieves.
Second, people are notoriously poor at choosing passwords that protect their accounts. An extraordinarily high number of people still use the extremely hackable “password” or “1234” as passwords.
In addition, technology news indicates that roughly 70% of consumers have 10 or more accounts requiring passwords. Few people have time, creativity, or inclination to create separate passwords for each account. Fewer still choose passwords that are hard to hack. (The current top recommendation for hard-to-hack passwords is to choose a phrase or series of words at random. The theory is that cybercriminals might guess commonly used passwords, such as your maiden name or partner’s or children’s name or birthday, but would be much less likely to hit upon a phrase you generated at random.) Fewer still change their passwords as often as best practices indicate they should, at roughly six months.
Human nature being what it is, it’s possible that passwords are headed for extinction as a method of securing computer accounts. Equifax is not the only large data breach, of course. And of the five largest that occurred last year, all involved some form of compromised passwords. Many were old or reused from other accounts.
Will biometric methods be the next security frontier?
What Comes Next?
If passwords often provide little initial security protection or can be compromised even if they do, what comes next in business strategy? Does the future belong to eye, voice or other forms of recognition?
Proponents of biometric security, the umbrella term for security methods that use parts of the human body like eye, voice, or fingerprints, say yes. Digital systems are built to recognize faces or individual parts of same, such as eyes. Voiceprints and fingerprints are both in use in products. Some financial companies, such as Fidelity, offer voice authentication rather than passwords. Products such as Apple Touch ID have been rolled out with fingerprints as security.
Yet even proponents of biometric security acknowledge that there are challenges to full security using these methods. Like passwords, some methods can be compromised. Fingerprints, for example, can be “spooked” by creating models out of such common products as Play-Doh. Eye recognition can be thwarted by sunglasses.
These concerns led Apple Touch ID to move to facial recognition.
Other companies have gone further. CNBC reports that one available method is to build a security profile from a user’s physical actions while using computer systems. Everything from one’s characteristic use of the mouse to typing speed is utilized to generate a digi-print. Proponents say that once built, such a method could have 95% accuracy.
Will such systems work as effectively as proponents claim? Will they be adopted by organizations and consumers? It remains to be seen. But it is clear that passwords are no longer particularly useful as gatekeepers. Unfortunately, security systems and identity thieves have formed a cops and robbers system in which they continuously chase each other.