Richard Parris, CEO at software firm Intercede, says that while a password may have sufficed as a secure method of authentication 20 years ago, this is no longer the case.
The headlines have been plagued with news of cyber hacks during the last year. From iCloud to eBay and more recently Dropbox, seemingly every tech giant has been targeted.
If we’ve learnt anything from these security breaches, it’s that the humble username and password is well and truly dead in terms of effectiveness. Yet despite this, it still remains the preferred method of authentication for many organisations. Why so? Some would speculate that it’s down to laziness, but the more likely explanation is a lack of education.
A recent consumer survey commissioned by Intercede in the UK and US found that despite concerns about the protection of their digital assets, many consumers continue to share their passwords with friends, family members and even work colleagues. Furthermore, many respondents remember all of their passwords without recording them anywhere else or using a password management system, implying either that society is bursting with geniuses capable of remembering multiple sets of complex passwords, or that consumers are using the same basic password combinations for more than one account (I suspect it’s the latter).
Late last year MasterCard and Visa announced plans to kill off password authentication altogether, explaining that they wanted a solution that was ‘safe as well as simple’. Contrary to popular belief, secure authentication need not be complicated, nor need it be laborious. However, while a password may have sufficed as a secure method of authentication 20 or 30 years ago, this is no longer the case.
The standard of good security practice has transformed dramatically over the last ten years, but the average consumer is yet to recognise this. Today, verifying the identity of a person and the device they’re using to access a website, app or system is of growing importance. Two-factor authentication is already well established in the banking and finance space, with chip and PIN accepted around the world, and is acknowledged in the industry as a more secure method of authentication than passwords.
Two-factor authentication verifies a person’s identity by combining something they have with something they know. With identity comes accountability, which in turn provides the best protection against online crime targeting personal assets such as bank accounts and other financial services.
Companies like Facebook and PayPal have given users the option to adopt two-factor authentication, and it would be interesting to see just how many people have implemented it. There is still a large gap in consumer knowledge and perception, and with the Internet of Things set to explode in 2015, it is vital that this gap is addressed sooner rather than later.