We’ve arrived at another World Password Day – a helpful prod for us all to make sure we’re keeping our personal and work accounts as secure as can be.
But as more advanced technology comes into the security arena, the days of the humble password may be numbered, regardless of how complex it is.
Here, three experts discuss the latest advancements in security technology and offer up their tips and tricks for consumers and businesses when it comes to keeping their data safe:
BullGuard: “Are passwords becoming obsolete?”
Because of their inherent vulnerability, should we be seeing the slow decline of the password? If so, what will replace it and what will we be using five years from now? BullGuard provides some insight by looking at how today’s developments are evolving from their password roots and how they might shape the future.
Iris, fingerprint, voice and face readers are some of the most common uses of ID authentication today. In fact, in establishments where security is the number one priority, they have been in use for a long time. Today, fingerprint authentication is mainstream and the use of face recognition is also gaining ground. Some financial service providers are already using it. A user simply snaps a selfie and links it to their payment card. Sounds great, but biometrics have a crucial vulnerability. All of us only have one face, two retinas and 10 fingerprints. They represent passwords that can’t be reset if they’re compromised. In 2015, for instance, a database containing the fingerprints of 5.6 million U.S. federal employees was breached.
Zero login is the use of unique behavioral characteristics such as typing patterns, location and occupation to verify identity. It enables you to log in to applications and online services without needing to do anything. Recent iPhone models already allow the user to change the pressure of their home button and to detect and remember signals from other devices such as your car or headphones. But how do you know when you have successfully logged out? If your phone is collecting all of this information about you, how is it being protected and where is it being sent? stored across the internet. Many of us want to keep some parts of our lives separate and even if this information is encrypted there is still a chance it can be seized by attackers.
How do you like the thought of inserting a tiny microchip into your body, the equivalent of a password? This idea has been around a while. But today a Swedish company, Epicenter, and a few others, have made employee microchipping available on a wide scale to replace passwords and keys. Employees can enter buildings, open doors, access computers and so on by just placing their microchipped hand next to the reader.
A person’s brain password is a digital reading of their brain activity while looking at a series of different kinds of pictures and objects. A person is initially authenticated with a passport or other identifying paperwork, or has their fingerprints or face checked against existing records. Their brain waves when responding to different stimuli reveal a unique biological brain structure which in turn creates a brain password. The two together create a unique password that can’t be replicated.
DNA-based authentication is not far away. Qatar and Estonia already take DNA readings of citizens to map out and get ahead of potential health problems such as disease outbreak while also recommending lifestyle choices. But much closer to home, a new social platform is planning to introduce DNA-based ID so the potential for fraud on the platform is effectively killed at birth. The platform readily admits it’s a difficult and complex project, not least securing the DNA prints.
Five years from now
So what types of passwords can we expect to see in five years? All of the methods mentioned above have an inherent flaw: how can you store the information securely and guarantee that it won’t be hacked? It’s the same issue faced by today’s use of passwords with the exception that these new authentication methods are near impossible to imitate. However, some of the above methods also pose ethical issues that need to be overcome. At what point does the password identifier use information that is too personal? What is considered too personal, and what safeguards will be in place to avoid the misuse of this data? These are big questions and they can’t be answered easily.
Paul Lipman, CEO, BullGuard, commented: “Given current trends it is likely that within five years biometric-based identification will certainly be much more widespread and used in conjunction with two-factor authentication (2FA) to provide an extra layer of security. Passwords won’t be dead as such; in fact their use will remain commonplace but most likely they will be supplemented by biometrics and 2FA to the point where this will become the norm.”
Norton: “Simple steps to stay safe online”
According to a recent report by Norton, nearly 17 million British consumers experienced cyber crime just in the past year, so it’s important to remember that even the strongest passwords cannot keep hackers away. To protect their digital identity, consumers can take several simple steps to stay safe online.
“Passwords are commonplace in the internet era. We are required to use them for everything, from ordering flowers to online banking and social networking to shopping around for deals,” said Nick Shaw, vice president and general manager of Norton EMEA.
“Despite this, many of us admit to simply using the word ‘password’ or an easily guessable word for all their accounts, such as children, pet names, favourite sports team and dates of birth. A hacker can find such details easily on social media, so if this sounds familiar it’s time to shake it up; using the same password means that if one of your accounts is compromised hackers have a direct route into all of your online accounts, through your password.”
Here are Norton’s top tips:
– Never open suspicious-looking emails: Cyber criminals send fake emails or texts that may look legitimate. The links in these emails or texts contain malicious software that can download malware and spyware. The software may be able to mine your computer for personal information, which is then sent to a remote computer where the attacker could sell the information on the dark web or use the information to commit identity theft.
– Make use of a VPN on public Wi-Fi: Many public Wi-Fi connections are unencrypted. This could give cyber criminals a chance to snoop on data being sent and received by your device. If there are software vulnerabilities on your device, attackers can inject malware to help them gain access to your data. In some cases, attackers create fake Wi-Fi hotspots purporting to be legitimate networks.
– Own your online presence: Carefully read the terms and conditions before opening an account or downloading an application, including social media accounts. Be sure to set the privacy and security settings on web services and devices to your comfort level for information sharing.
– Get two steps ahead and manage your passwords: Switch on two-step verification or multi-factor authentication wherever offered to help prevent unauthorised access to your online accounts. Always change the default passwords to something strong and unique on your devices, services, and Wi-Fi networks.
Okta: “Biometrics can add an extra level of security”
Jesper Frederiksen, VP and GM at Okta, believes biometrics are transforming the way we think about authentication.
“Looking from a security perspective, although biometrics will not completely replace passwords in the immediate future, they do provide a supporting security layer as part of a multi-factor authentication model. The financial services sector, for example, has already experimented with biometrics for regulating access to certain services. Major banks have incorporated tools such as voice and fingerprint recognition as an additional security measure to ensure that only the correct party receives access, protecting against bad actors,” commented Frederiksen.
“It wasn’t long ago that fingerprint authentication was considered alien. Now we’re already seeing growing acceptance and popularity of facial recognition within the consumer space with the latest smartphones. Biometrics are transforming the sign-on experience as people increasingly authenticate with ‘something you are’ (biometrics) rather than ‘something you know’ (passwords or patterns).”