Hands Down: Why Passwords Will Never Be Replaced By Our Bodies
When it comes to computing, passwords have been with us since the very beginning.
The very first logins were set up as part of MIT’s Computer Time Sharing System in 1960 and, as computing hit the mainstream, passwords became an established part of our lives.
However, the beloved password is not without its flaws and, as technology becomes more advanced, its problems are becoming increasingly evident. Worryingly, Verizon’s 2016 Data Breach Investigations Report found that 63 per cent of confirmed data breaches involved weak, default, or stolen passwords, and that breaches were typically exacerbated by consumers opting to reuse passwords, or share them with family and friends. Given that the most commonly used password is ‘123456’, most do not present much of a challenge to savvy phishing and hacking attacks.
Enter biometrics. For a long time, biometric authentication – identity verification based on measurable biological traits – has been considered the technology most likely to supplant passwords. Directly addressing the weaknesses of passwords, biometric measures are secure, they don’t tax your memory or rely on your ability to keep them a secret, and you can’t lose, forget or share them. Many banks have already begun to implement biometric security procedures, with consumers now using all types of digital banking technology including HSBC’s ‘voiceprints’, MasterCard’s ‘selfie pay’, and Barclays’ finger vein scanning technology.
Nonetheless, as with passwords, there are challenges. For a start, implementing biometric security measures can be both costly and complex, a significant hindrance to any business. Additionally, most biometrics are not ‘black and white’: when we enter a password, it is either right or wrong, there is no margin of error. Biometrics, on the other hand, say how likely it is that somebody is who they claim to be and need to be tuned.
Finally, and most importantly, biometrics cannot be reset. Once a security breach has occurred, there is no turning back. People can’t change their tone of voice or their fingerprints, and we’ve already seen both security measures hacked with very little effort.
A lot of work is being done to try to make biometrics both more affordable and less susceptible to breaches. One potential option is through exploring behavioural measures which, unlike physical attributes, can be reset. Moreover, two-factor authentication systems offer another alternative: by combining a password and something you ‘have’, such as a mobile device, you can create a robust process that could extend the life of password authentication into the foreseeable future. And, while it lacks the convenience of the traditional method, it’s a step in the right direction to providing a highly secure, easy to use, and resettable process.
Ultimately, it’s becoming clear that current password processes are not working well enough or doing what they are designed to do – protect. They need to be improved. By combining stronger password authentication with efficient monitoring of unusual behaviour, and with the added security of biometrics through financial services technology, consumers can continue to enjoy the considerable advantages of a low cost, simple, and secure digital customer journey.
Read more on this topic in Simon’s latest white paper ‘Your body won’t replace your passwords’