Despite repeated reminders, many people do not undertake effective password management. This includes having weak passwords and the repeated use of the same password. To raise awareness of good password hygiene and help protect consumers from fraud, industry experts have offered some useful advice.
The problem is, like most public information messages, the information needs to be said multiple times and the format of the message varied.
It also stands that the concept of the password is, itself, outmoded and there are more robust and stronger solutions available. Also, with the technology and data in abundance today, organisations should be using other, more secure forms of authentication to better protect consumers against the already growing threat of fraud.
Indeed, the inventor of the computer password, Fernando Corbató once said: “passwords have become kind of a nightmare with the World Wide Web.”
Exploring these themes, when asked by Digital Journal, is Benoit Grangé, Chief Technology Evangelist at OneSpan.
Grangé begins by explaining too many people are focusing on the wrong solution to the problem: “A lot of attention today will be on making passwords tougher to crack, but in many respects this conversation is outdated, and we should be looking at moving beyond passwords altogether.”
He adds that: “Passwords are inconvenient and riskier than other authentication options available today because they can be guessed, stolen, or cracked. While we won’t see passwords go completely away anytime soon, a passwordless approach could be the answer to many user friction and security challenges.”
Looming at some real time data, Grangé says: “A recent VISA survey found consumers are ready to leave the password behind. Seventy percent of consumers believe that biometrics are always more comfortable as they do not involve memorising passwords.”
The future state is with. Grangé opines, biometrics. Biometrics refers to the measurement and statistical analysis of people’s unique physical and behavioral characteristics. The primary application relates to identification and access control.
The objective is for every person to be accurately identified by their intrinsic physical or behavioral traits.
By this he outlines the following considerations: “With a plethora of other data pointing to a continuing upward trend in biometric usage, new risk-based multifactor authentication with fingerprint, face, or iris recognition could be the solution that will finally free us from the burden of endless passwords, opening the doors to a brighter, passwordless future.”