Last updated: 16 July 2018
We’ve all struggled to remember complicated username and password combinations when trying to access an online account. According to a Dashlane Inbox Scan study, the average user has at least 90 online accounts and with every account comes a new password to remember. To make their digital life simpler, 89 per cent of people use the same one or two passwords for everything.
Managing several digital identities using user names and passwords is not something our brains are wired to do. And it also presents a huge security threat – insecure passwords caused an estimated 80 percent of breaches, according to a 2017 report from Verizon.
No doubt, passwords aren’t the best authentication solution in the digital age. But how can digital technologies help us address this issue? With huge strides being made in digital authentication technologies, and biometrics in particular, the end of the password could soon be a reality. Keep reading to find out which 5 technologies can help us kill passwords.
In a previous post, we discussed how biometrics are already helping solve the all-important issue of a “unique identifier”, replacing the username/password combination, while keeping the user experience simple and secure at the same time.
Biometrics refer to the individual’s unique physiological characteristics, captured through techniques such as facial recognition, fingerprint authentication, iris scans and DNA. They can be used to automatically identify and authenticate individuals, and such authentication methods have become the norm for accessing devices like smartphones, smart speakers and tablets. They’ve also been deployed by many eGovernment service providers and financial institutions, and in other aspects of our lives including driving our cars or accessing our homes!
Going forward, behavioral biometrics are becoming a very good alternative for secure authentication, when combined with other authentication methods. As described by IBIA, behavioral biometrics measure the unique patterns which characterize our daily activities. Yes, that’s right, the way we type, walk, our heartbeats, brain waves, and many others, can all be captured in a digital signature that is unique to the individual.
Technologies based on machine-learning algorithms can help build out a rich, multi-dimensional profile of each individual customer. Such technologies are currently used in law enforcement and border control and, combined with context-based signals like geolocation, they provide a very personalised and silent authentication method.
Just as insurance companies use data to predict accidents, or retailers to figure out the optimal time to target consumers with a personalised promotion, user authentication could rely on similar data analytics. Machine learning can be used to collect a combination of patterns in data related to log-in times, locations and device footprints. The goal is to spot normal versus abnormal user behaviour and change access accordingly.
This will be based on the concept of adaptive authentication: a risk score is assigned and the level of access the user gets is adjusted, based on the actions they are performing and the assurance level of the user’s authentication method.
This type of technology is in its early stages of development, although conversations around context-based and risk-based authentication have already become very popular.
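The adaptive authentication idea described above, as an added example (not code from the original post): a login attempt is scored against the user's usual log-in times, locations and devices, and the score raises the assurance level an action requires. The fixed weights, thresholds, action names and assurance levels are assumptions standing in for a learned model.

```python
from dataclasses import dataclass

@dataclass
class Profile:                 # what "normal" looks like for one user
    usual_hours: range         # local hours at which the user normally logs in
    known_countries: set
    known_devices: set

@dataclass
class LoginAttempt:
    hour: int
    country: str
    device_id: str
    assurance: int             # assumed scale: 1 = password, 2 = password + OTP, 3 = biometric

# Assumed values for illustration; a real system would learn or tune these.
WEIGHTS = {"hour": 20, "country": 40, "device": 30}
REQUIRED_ASSURANCE = {"view_balance": 1, "change_email": 2, "transfer_funds": 3}
DENY_AT = 70                   # risk score at which access is refused outright

def risk_score(profile, attempt):
    """Add the weight of every signal that deviates from the profile (0 to 90)."""
    score = 0
    if attempt.hour not in profile.usual_hours:
        score += WEIGHTS["hour"]
    if attempt.country not in profile.known_countries:
        score += WEIGHTS["country"]
    if attempt.device_id not in profile.known_devices:
        score += WEIGHTS["device"]
    return score

def decide(profile, attempt, action):
    """Return 'allow', 'step_up' (ask for a stronger factor) or 'deny'."""
    if action not in REQUIRED_ASSURANCE:
        return "deny"          # unknown action: fail closed
    score = risk_score(profile, attempt)
    if score >= DENY_AT:
        return "deny"
    # Every 30 points of risk raises the required assurance level by one, capped at 3.
    needed = min(3, REQUIRED_ASSURANCE[action] + score // 30)
    return "allow" if attempt.assurance >= needed else "step_up"

# Constructed sample profile and attempts (not real data).
PROFILE = Profile(range(7, 23), {"FR"}, {"phone-A"})

if __name__ == "__main__":
    for attempt, action in [(LoginAttempt(9, "FR", "phone-A", 1), "view_balance"),
                            (LoginAttempt(9, "BR", "phone-A", 1), "view_balance"),
                            (LoginAttempt(3, "BR", "laptop-B", 3), "view_balance")]:
        print(action, risk_score(PROFILE, attempt), decide(PROFILE, attempt, action))
```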
Two-factor (2FA) or multi-factor authentication
These systems have been in use for a while now, and end users have become accustomed to adding an extra layer of security for certain types of transactions. They rely on the user acknowledging control of a confirmed communication channel, such as an email address, a text message or an authentication app.
Several service providers, especially those in eGovernment, are using a text message sent to the number on record containing a one-time password (OTP) valid for one login session or transaction on a digital device. However, there are certain risks associated with using OTPs, which is why it’s best that they are always used in combination with other forms of authentication, like biometric authentication.
As we’ve discussed in a previous blog, with so many people using digital devices to communicate, access data and services, and transact, the new challenge in ensuring the success of this digital economy is knowing who you transact with.
Mobile trusted digital identities can be the answer as they provide the means to collect all end user attributes and enable seamless authentication, all through the mobile device. Mobile enables the combination of identity documents, physical and behavioural biometrics and user information such as geolocation, device numbers and other attributes.
While everyone is talking about how we should kill passwords, the fact is the average person has at least 90 online accounts associated with their email address and uses the same password to access them, and that number is growing every year.
Usernames and passwords will continue to be used for authentication in 2018, but the widespread adoption of scalable technologies will help eliminate this hassle over the coming years. End user adoption of biometric technologies will drive the movement towards seamless and convenient digital experiences, while reinforcing security and privacy.
What do you think about the solutions outlined above? Do you think it’s feasible to think we can kill the password in the next few years? Let me know in the comments or tweet your thoughts @Gemalto.