The most popular and comprehensive Open Source ECM platform
Let us know more
Security: Alternatives to Passwords to Become More Common
The most commonly used passwords used to secure internet accounts include ‘123456’, ‘password’, ‘12345’, ‘12345678’, and ‘qwerty’, according to a survey by Cyber Streetwise. An added problem is that many people use the same password for multiple accounts. It’s no wonder the frequency with which online accounts are compromised.
Mark James, an IT security specialist for anti-virus firm ESET, said that “creating and using good passwords is not rocket science. But sadly most people choose ease of use over security. We all want easy in this modern age, we associate advances with electronics with making things simpler for us and very rarely look at the security risks involved when using these devices.”
The problem is that secure passwords are easily forgotten. 30 percent of IT customer support calls are related to password problems according to Gartner. These include problems with account lockout, reactivation and forgotten passwords.
The use of passwords for security is flawed, and that has prompted a search for alternatives.
Robin Murdoch, managing director of Accenture, said that “as hackers use more-sophisticated and less-obvious methods, passwords are no longer seen as the definitive answers to the security question. Traditional one-step passwords are now being matched with alternative methods using biometric technologies such as fingerprint recognition and two-step device verification. Within the next few years we are likely to see many more consumers embracing these and other alternative methods.”
Biometrics provide an alternative that has been widely investigated. Fingerprint scans is becoming increasingly common as an option, but these too are easily hacked.
Other biometric security methods include:
- Brainwave scans
- Heartbeat patterns
- Voice recognition/identification
- Facial recognition, like Intel’s RealSense 3D cameras
Trying to involve biometrics could only end up with pleasing criminals.
Whether face, iris, fingerprint, typing, gesture, heartbeat or brainwave, biometric authentication could be a candidate for displacing the password if/when (only if/when) it has stopped depending on a password to be registered in case of false rejection while keeping the near-zero false acceptance.
Threats that can be thwarted by biometric products operated together with fallback/backup passwords can be thwarted more securely by passwords alone. We could be certain that biometrics would help for better security only when it is operated together with another factor by AND/Conjunction (we need to go through both of the two), not when operated with another factor by OR/Disjunction (we need only to go through either one of the two) as in the cases of Touch ID and many other biometric products on the market that require a backup/fallback password, which only increase the convenience by bringing down the security.
In short, biometric solutions could be recommended to the people who want convenience but should not be recommended to those who need security. It may be interesting to have a quick look at a slide titled “PASSWORD-DEPENDENT PASSWORD-KILLER” shown at
http://www.slideshare.net/HitoshiKokumai/password-dependent-passwordkiller-46151802