Each year, there are many hacking attempts on companies. Some of these attempts are successful. Bad passwords and user error are usually to blame. Websites like https://haveibeenpwned.com/ allow users to search whether their emails were involved in data breaches. Try your email and see what comes up. Companies are trying to rid their establishments of passwords, and many of those features are coming to consumer products.
There are three ways to authenticate. They are:
- What you know – passwords, pins, security questions etc.
- What you have – phone, bank card etc.
- Who you are – biometrics (face scan, fingerprint) etc.
We love passwords, almost to the point of fixation. Many users may not want to use other methods out of “fear”. However, passwords are the weakest authentication link. The fact is, passwords are stored on servers, and that can spell all kinds of trouble. Entities like the Fido Alliance want to create a world free of passwords.
The Fido (Fast Identity Online) Alliance is a group of companies dedicated to creating “authentication standards to help reduce the world’s over-reliance on passwords.” The Alliance includes Samsung, Google, Amazon, Microsoft, Facebook, Mastercard, Visa, among many others. But why is there a syndicate solely dedicated to getting rid of passwords?
According to the Fido Alliance:
- Password issues cause more than 80% of data breaches.
- Many users have more than 50 online accounts
- “Up to 51% of passwords are reused.”
- It costs companies a lot to deal with password resets
It costs US companies an average of US$70 (per call) in customer service labour to reset a password. Multiply that number by the hundreds of customers calling multiple times a year, and that figure expands.
Also, data breaches can cost companies millions of dollars in damages. Yahoo agreed to pay US$117.5 million in a settlement due to data breaches that affected millions of users around the world from 2012 to 2016.
Fido is trying to create standards they hope will become widespread and change the way we authenticate. These standards should alleviate a company’s need to spend millions on developing new standards from scratch and making verification easier for users worldwide. Nobody wants another complicated, lengthy, interrogative security hurdle to browse Instagram.
The Fido Alliance is not the only entity concerned about the password issue. Apple Computer has been championing biometric security for years. Biometric Security refers to any security technology that uses a unique characteristic of an individual to gain access to a system. These can be facial recognition, fingerprint scanning, voice pattern recognition, among others.
“The best part is that the biometric information is stored locally on devices, so they can’t be accessed in a data breach.”
A great example of this is the fingerprint sensor or Face ID technology on your smartphone. Microsoft has face and fingerprint scanning technology “Windows Hello” that allows its users password-free entry. Banks like FirstCaribbean and Bank of America enable biometric authentication. The best part is that the biometric information is stored locally on devices, so they can’t be accessed in a data breach.
There are also other methods of access. Multi-Factor Authentication complements passwords with another form of identification. Physical security keys like YubiKey look like thumb drives that you stick into or near your computer as a way of verifying that you are you.
In today’s digital economy, cybersecurity is critical to the smooth operation of companies across the globe.
You’ll also have to touch the Yubikey to prove you’re present physically. There are also apps like Google or Microsoft Authenticator that generate one-time codes for access to your accounts. You can also use your smartphone as an authentication device. Many companies now rely on biometric or device authentication.
In today’s digital economy, cybersecurity is critical to the smooth operation of companies across the globe. Adoption of new and emerging tech may be slow. Hopefully, passwords will make way for more convenient and more secure methods of verification.