Why passwords will never be replaced by our bodies

A combination of strong password authentication and biometrics is the potential way forward for a low-cost, simple and secure digital customer journey. Story by Simon Cadbury.

Why passwords will never be replaced by our bodies. Image by archy13, iStockphoto.com

When it comes to computing, passwords have been with us since the very beginning. The very first logins were set up as part of MIT’s Computer Time Sharing System in 1960, and as computing hit the mainstream, passwords became an established part of our lives.

However, the beloved password isn’t without its flaws, and as technology becomes more advanced, its problems are becoming increasingly evident. Worryingly, Verizon’s 2016 Data Breach Investigations Report (now updated) found that 63% of confirmed data breaches involved weak, default or stolen passwords, and that breaches were typically exacerbated by consumers opting to reuse passwords, or share them with family and friends. Given that the most commonly used password is ‘123456’, most do not present much of a challenge to savvy phishing and hacking attacks.

Enter biometrics. For a long time, biometric authentication – identity verification based on measurable biological traits – has been considered the technology most likely to supplant passwords. Directly addressing the weaknesses of passwords, biometric measures are secure, they don’t tax your memory or rely on your ability to keep them secret, and you can’t lose, forget or share them. Many banks have already begun to implement biometric security procedures, with consumers now using all types of digital banking technology, including HSBC’s voice recognition system, Mastercard’s selfie payment technology, and Barclays’ finger vein authentication technology.

Nonetheless, as with passwords, there are challenges. For a start, implementing biometric security measures can be costly and complex – a significant hindrance to any business. Additionally, most biometrics are not black and white: when we enter a password, it’s either right or wrong, with no margin for error. Biometrics, on the other hand, say how likely it is that somebody is who they claim to be and need to be tuned.

Finally, and most importantly, biometrics cannot be reset. Once a security breach has occurred, there’s no turning back. People can’t change their tone of voice or their fingerprints, and we’ve already seen security measures hacked with very little effort.

Behavioral measures

A lot of work is being done to try to make biometrics more affordable and less susceptible to breaches. One potential option is through exploring behavioral measures which, unlike physical attributes, can be reset. Moreover, two-factor authentication (2FA) systems offer another alternative: By combining a password and something you ‘have’, such as a mobile device, you can create a robust process that could extend the life of password authentication into the foreseeable future. And, while it lacks the convenience of the traditional method, it’s a step in the right direction to providing a highly secure, easy to use, and resettable process.

Ultimately, it’s becoming clear that current password processes aren’t working well enough or doing what they’re designed to do, which is protect us. They need to be improved. By combining stronger password authentication with efficient monitoring of unusual behavior, and with the added security of biometrics through financial services technology, consumers can continue to enjoy the considerable advantages of a low-cost, simple, and secure digital customer journey.


Tags: , ,

Request a Call

Want to see Interact in action?
Click here to request a demo.

Request a Call

Top stories -

Blog -

How pocket money works in the digital age

How young people, with the help of digital banking and mobile devices, are starting to find their financial feet. Story...

Read more
Blog -

It’s no longer right to talk about digital banking –...

Technology is a small part of digital maturity, says Simon Cadbury. There's more to transformation than simply embracing...

Read more
Events -

The Digital Banking Club – Motor Finance 2018

The DBC and ieDigital will host a special breakfast session at The Law Society in London, 29 November 2018. Save the...

Read more