Why passwords will never be replaced by our bodies

A combination of strong password authentication and biometrics is the potential way forward for a low-cost, simple and secure digital customer journey. Story by Simon Cadbury.

When it comes to computing, passwords have been with us since the very beginning. The very first logins were set up as part of MIT’s Computer Time Sharing System in 1960, and as computing hit the mainstream, passwords became an established part of our lives.

However, the beloved password isn’t without its flaws, and as technology becomes more advanced, its problems are becoming increasingly evident. Worryingly, Verizon’s 2016 Data Breach Investigations Report (now updated) found that 63% of confirmed data breaches involved weak, default or stolen passwords, and that breaches were typically exacerbated by consumers opting to reuse passwords, or share them with family and friends. Given that the most commonly used password is ‘123456’, most do not present much of a challenge to savvy phishing and hacking attacks.

Enter biometrics. For a long time, biometric authentication – identity verification based on measurable biological traits – has been considered the technology most likely to supplant passwords. Directly addressing the weaknesses of passwords, biometric measures are secure, they don’t tax your memory or rely on your ability to keep them secret, and you can’t lose, forget or share them. Many banks have already begun to implement biometric security procedures, with consumers now using all types of digital banking technology, including HSBC’s voice recognition system, Mastercard’s selfie payment technology, and Barclays’ finger vein authentication technology.

Nonetheless, as with passwords, there are challenges. For a start, implementing biometric security measures can be costly and complex – a significant hindrance to any business. Additionally, most biometrics are not black and white: when we enter a password, it’s either right or wrong, with no margin for error. Biometrics, on the other hand, say how likely it is that somebody is who they claim to be and need to be tuned.

Finally, and most importantly, biometrics cannot be reset. Once a security breach has occurred, there’s no turning back. People can’t change their tone of voice or their fingerprints, and we’ve already seen security measures hacked with very little effort.

Behavioral measures

A lot of work is being done to try to make biometrics more affordable and less susceptible to breaches. One potential option is through exploring behavioral measures which, unlike physical attributes, can be reset. Moreover, two-factor authentication (2FA) systems offer another alternative: By combining a password and something you ‘have’, such as a mobile device, you can create a robust process that could extend the life of password authentication into the foreseeable future. And, while it lacks the convenience of the traditional method, it’s a step in the right direction to providing a highly secure, easy to use, and resettable process.

Ultimately, it’s becoming clear that current password processes aren’t working well enough or doing what they’re designed to do, which is protect us. They need to be improved. By combining stronger password authentication with efficient monitoring of unusual behavior, and with the added security of biometrics through financial services technology, consumers can continue to enjoy the considerable advantages of a low-cost, simple, and secure digital customer journey.

 

Tags: , ,

Request a Call

Want to see Interact in action?
Click here to request a demo.

Request a Call

Top stories -

Blog -

Are Apple’s biometrics secure enough?

The arguments against Touch ID and Face ID may have some technical grounds, but saying they aren’t secure enough...

Read more
Blog -

The ieDigital top 7 articles of 2018

ieDigital covered motor finance, retail banking, AI, debt collection and software development in detail in 2018. But...

Read more
Research papers -

Five ways AI is changing motor finance

Simon Cadbury looks at use cases for game-changing AI in financial services, and suggests it's time to place your trust...

Read more