Opinion: How we can finally kill the password
Innovative biometric technology that relies on human traits as security measures is the answer to beating back threats from malicious hackers.
We're reaching the end of the password era – and it can't come soon enough.
If you need more evidence that the credentials we use to log into accounts are among the greatest cybersecurity weaknesses, the 2016 Verizon Data Breach Investigations Report noted that 63 percent of confirmed data breaches involved
Even after years of education and awareness, people still use (often across ), share , or leave devices .
While it’s easy to blame users for being lazy or blasé when it comes to securing passwords, the reality is that the deck is stacked against us. The problem is not that consumers do not know that they should use strong and unique passwords; it’s that it’s really hard to remember long strings of numbers and letters. It’s particularly difficult when asked to remember multiple passwords across all of our various accounts.
In many ways, our reliance on passwords turns human nature into a security vulnerability. But there's a way of using human nature to our advantage, too.
The theory of passwords is that users create a secret string of letters, numbers, and symbols that validates their identity. Ultimately, it's used to establish trust between a user and a network. When approached from this perspective, it opens the door to other ways to authenticate users.
Fortunately, the tech industry is rapidly innovating on that front. It's looking for ways of using human behavior and characteristics – how we speak, our location, the way we type, our walking patterns, or facial features – to authorize users and ultimately create a safer and more secure internet.
These changes won't replace the static password overnight. But some of this is already in use. Credit card companies and banks, for instance, are monitoring users' patterns to seek out potential fraud. That's why a transaction in Florida by a customer from Kansas raises suspicions and could trigger an account freeze.
Similarly, social media companies often ask users to verify their location when they detect someone is logging in from an unknown location or on a different device.
But the tech industry needs to do more to ensure biometric technology can effectively make us more secure. One solution is to take advantage of the technologies on our smartphones to improve authentication.
For example, the financial giant USAA  an authentication scheme that uses facial recognition via the camera in a smartphone with an added twist. The app looks to see if you actually blink to make sure you're human before it grants access.
While passwords can be stolen, mimicking facial expressions – or so-called liveness detection – is a much tougher challenge. And the task for malicious hackers gets even tougher when you combine live facial recognition with other traits such as typing patterns or speech patterns.
Google is currently working on security technology that aims to combine that kind of multifactor authentication when granting users access to apps. Hopefully, other tech companies will follow their lead. It already seems like there's an appetite for it.  of millennial respondents polled already use biometric authentication in some fashion.
My guess is that few people would mourn the passing of the password. Another recent poll found up to  of people would prefer something other than passwords to access an account. In addition to being an imperfect and flawed system, remembering passwords has become a burden of the Digital Age.
So, let's work together to make passwords obsolete by embracing innovative techniques that increase our security. The future of cybersecurity doesn't need to be some deep dark secret code; it could simply be you.
Michael Kaiser is the executive director of the National Cyber Security Alliance. Follow him on Twitter.