Time for passwords to go

13 September 2021


Creating, remembering, and filling in passwords has become so baked into daily life that it is hard to imagine not having to fill in a string of text before being able to log in. However, as technology has advanced, is it not weird that passwords barely have? 80% of data breaches are still caused by weak and stolen passwords.

With every login now requiring a username and password, it is not hard to imagine that people make mistakes with them. As people need to remember so many different passwords, they start writing them on Post-It notes, re-using the same password for different sites, and/or using simple passwords like ‘123456’ or their birthdate. The best way to navigate all the different login details nowadays is probably through a password manager. A password manager is an application that allows you to securely store all your different login details and unlock them with a single password or a biometric identification method, such as a fingerprint scan. Still, there is a password here that one needs to remember and that can be retrieved by other people through shoulder surfing.

Password managers are still not common in most companies. In my experience, HR often decides your login credentials and wants to be able to provide the IT department with your password in case anything goes wrong. Most accounts for third-party sites are shared throughout the company and password details are carelessly shared through email. Data breaches and account resets have become a very costly thing for large organizations, so why not develop a safer way to log in?

Biometric identification methods, like fingerprint and face recognition, should become more mainstream and integrated in the services we use every day. Most phones already use them. However, websites and programs often do not. Good integration between hardware and software is needed to offer biometric logins for all services and sites. Biometric data has some substantial advantages over traditional passwords.

  1. Biometric data is (nearly) impossible to forge. For example, fingerprint scanners test fingerprints on 30 specific points. It is impossible for two humans to have more than 8 identical features. The very minute chance of a false positive or negative is far less significant compared to the security risks of passwords as they are used today.
  2. Biometric data is permanent. There is no risk of forgetting your fingerprint as there is with forgetting your password.
  3. Biometric data is faster. Typing in, and often retrying, your passwords takes far more time than simply using facial recognition to log in. Many people want to log in fast to most of the services that they use, so they choose easy passwords that they also use for other accounts. Biometric data is faster and safer.

However, there are some risks that biometric login methods face:

  1. Biometric data is permanent. If someone somehow managed to get a scan of your face, you cannot change it the way you can change a password. Most identification tools are pretty good at detecting when they are being fooled and the security is constantly improving, therefore I do not suspect this to be that big of an issue.
  2. Biometric data is highly privacy-sensitive. There are some valid concerns that people have with providing an unknown service with a scan of their finger. To solve this, standards need to be developed and most of the processing needs to be done on device instead of in the cloud. It is likely that we will see a few large biometric login providers pop up that will become renowned names and people will have less of an issue with providing scans to those companies.

I think the time has come for passwords to go. They carry too many risks, and a good alternative is available, which makes the use of passwords outdated.

Links:

https://www.sutcliffeinsurance.co.uk/news/8-most-common-causes-of-data-breach/
https://tcrn.ch/2SnNGis
https://www.thalesgroup.com/en/markets/digital-identity-and-security/government/inspired/biometrics


1 thought on “Time for passwords to go”

  1. I think this was an interesting read as I had the same issues literally when making this blog account. With how the current world is flooded with different applications and online websites, creating a username and password is equivalent to sharing your name to an AI bot. I definitely agree there should be a change towards traditional passwords and login methods.

    It’s comforting to know how giant technology companies such as Apple and Samsung have already implemented biometrics to log into their hardware, with a fingerprint sensor for MacBook and face recognition for Samsung smartphones. However, these approaches are more widely accepted as opposed to utilizing biometrics for a website or application login, for example. Phones and laptops could be considered someone’s property and therefore, I think this is why people are more willing to use fingerprint passwords for these items. Data privacy has always been an ongoing issue concerning the spread of data and information and thus, I think the world might need convincing before sharing their biometrics with applications and websites that simply require a username and password.

    Finding a way to overcome the obstacles you mentioned might be the next innovation in the data privacy domain. I would like to see big and small technology companies attempt to resolve this.
