
Modern field guide to security and privacy

Opinion: How we can finally kill the password

Innovative biometric technology that relies on human traits as security measures is the answer to beating back threats from malicious hackers.

 


We're reaching the end of the password era — and it can't come soon enough.

If you need more evidence that the credentials we use to log into accounts are among the greatest cybersecurity weaknesses, the 2016 Verizon Data Breach Investigations Report noted that 63 percent of confirmed data breaches involved

Even after years of education and awareness, people still use (often across ), share , or leave devices .

While it's easy to blame users for being lazy or blasé when it comes to securing passwords, the reality is that the deck is stacked against us. The problem is not that consumers do not know that they should use strong and unique passwords; it's that it's really hard to remember long strings of numbers and letters. It's particularly difficult when asked to remember multiple passwords across all of our various accounts.

In many ways, our reliance on passwords turns human nature into a security vulnerability. But there's a way of using human nature to our advantage, too.

The theory of passwords is that users create a secret string of letters, numbers, and symbols that validates their identity. Ultimately, it's used to establish trust between a user and a network. When approached from this perspective, it opens the door to other ways to authenticate users.

Fortunately, the tech industry is rapidly innovating on that front. It's looking for ways of using human behavior and characteristics — how we speak, our location, the way we type, our walking patterns, or facial features — to authorize users and ultimately create a safer and more secure internet.

These changes won't replace the static password overnight. But some of this is already in use. Credit card companies and banks, for instance, are monitoring users' patterns to seek out potential fraud. That's why a transaction in Florida by a customer from Kansas raises suspicions and could trigger an account freeze.

Similarly, social media companies often ask users to verify their location when they detect someone is logging in from an unknown location or on a different device.

But the tech industry needs to do more to ensure biometric technology can effectively make us more secure. One solution is to take advantage of the technologies on our smartphones to improve authentication.

For example, the financial giant USAA an authentication scheme that uses facial recognition via the camera in a smartphone with an added twist. The app looks to see if you actually blink to make sure you're human before it grants access.

While passwords can be stolen, mimicking facial expressions — or so-called liveness detection — is a much tougher challenge. And the task for malicious hackers gets even tougher when you combine live facial recognition with other traits such as typing patterns or speech patterns.

Google is currently working on security technology that aims to combine that kind of multifactor authentication when granting users access to apps. Hopefully, other tech companies will follow their lead. It already seems like there's an appetite for it. of millennial respondents polled already use biometric authentication in some fashion.

My guess is that few people would mourn the passing of the password. Another recent poll found up to of people would prefer something other than passwords to access an account. In addition to being an imperfect and flawed system, remembering passwords has become a burden of the Digital Age.

So, let's work together to make passwords obsolete by embracing innovative techniques that increase our security. The future of cybersecurity doesn't need to be some deep dark secret code; it could simply be you.

Michael Kaiser is the executive director of the National Cyber Security Alliance. Follow him on Twitter .
