OPINION: Passwords are yesterday’s technology, biometrics are the future, argues Experian’s head of identity and fraud
Earlier this week, the expert who came up with the password advice that still forms the majority of guidelines today, said he pretty much regretted everything he came up with back in 2003. However attention is now turning towards biometric authentication as a possible replacement or as an added level of security. The technology isn’t perfect but is rapidly gaining acceptance.
Nick Mothershaw, director of identity and fraud at Experian, makes the case for biometrics.
Over the last 20 years identity has gone through a lot of change. Paper processes have evolved to electronic data, and consequently, paper documents are used less often in the verification process people have to go through when interacting with regulation and authority.
This change has stemmed from organisations like credit reference agencies such as Experian, who can validate an identity using trusted data – digitally, faster, and smarter.
This system has served us well, but now it has run its course, and is no longer inclusive of today’s needs and expectations. We are now a fully digital age and, consequently, identity verification must enter it too. Identity is on the cusp of a great change.
And many in the enterprise are not yet sure how to manage the new technologies promising to revolutionise the process for them and their customers.
The problem of passwords
The path to establishing thorough and trusted digital identities hasn’t been faultless. As a digital economy, we’re still reliant on usernames, passwords, and security questions as a way to identify an individual. Customers have become used to this type of data exchange in order to validate their identity when necessary. But the fraudster has become all too familiar too.
Passwords are easy to forget. Research shows that most people have between 6 and 10 passwords they actively use, and 4 out of 10 need to use a password memory service to help them with remembering.
With more than half changing their password when prompted, you can start to see a trend that suggests widespread inconvenience that every reader will have anecdotal evidence for. Interestingly, research also shows that people don’t think that retail, utility or social media passwords should be as secure as a bank’s.
What is your biggest cybersecurity concern?
- Ransomware (28%)
- Humans / Social Engineering (27%)
- State sponsored hackers (14%)
- Malware (14%)
- Other (7%)
- Out of date tools (6%)
- DDoS (4%)
Even though a lot of these hold bank details and personally identifiable information. (44 percent on average think they should have a ‘very secure’ password, compared to 86 percent who think a bank password should be ‘very secure’).
These are often used in multiple accounts, including using the same password for a bank account as they do a retailer. This represents a fraud risk, and one that most consumers should know, even if they aren’t changing their behaviour to mitigate it. The many advantages offered through new and sophisticated technologies are not being fully utilised – but all that is about to change.
Passwords are yesterday’s technology. They are forgettable and subject to compromise.
The average consumer has 26 online accounts and most people have between 6 and 10 passwords they actively use. Four out of 10 need to use a password memory service to help them with remembering all of their passwords as eight characters is the recommended minimum (and should contain a mix of four different types of characters).
The burgeoning bounty of biometrics
For all their problems it’s likely passwords and usernames will be replaced. Or at least augmented with some form of biometric login to enhance security without comprising user experience. Headway has already been made and many banks allow access by fingerprint to view account information and engage with their accounts – and more recently, voice.
Because biometric information represents who an individual ‘is’, a fingerprint, an impression of an iris, a voice or a face, are things that a people can’t forget or lose, and thus are resilient against fraud. Biometrics are today’s technology. They are more secure and you can’t forget them and their mass use is now a reality.
The public agrees, our survey found that 74 percent believe that biometric security is the future of identity verification.
Go to page 2 for the public’s view on privacy …