Passwords are a pain point for nearly anyone who uses a PC or a smartphone. We need to remember numerous passwords and login details for the many apps and online services we use. That makes it tempting to compromise on security by sticking with one password for everything or writing it down somewhere.
Worse than that, as the many serious information security breaches we have seen in South Africa and the rest of the world over the past few years show, passwords are not even that secure. The good news is that many technology companies are looking at creating alternatives to passwords that are more secure and easier to use.
Alcatel explores some of the technologies that may replace the traditional password in years to come.
- Physical biometrics
Biometrics uses a unique physical characteristic of your body to verify your identity. Examples include your face, the iris of your eye, your fingerprints and perhaps even a sample of your DNA. Biometrics is already in increasingly common use in the smartphone world, where it’s not unusual to sign into your phone with a fingerprint or facial recognition.
The technology is getting better all the time, offering a blend of secure identification and ease of use, along with the benefit that you always carry your ‘password’ with you. But the downside is that if someone manages to steal your biometric data and use it to access your info, you can’t simply reset your password.
- Behavioural biometrics
Behavioural biometrics is a cutting-edge technology that uses your behaviour to verify that you are who you claim to be. This might include things like your typing speed, the pressure you exert on the screen of your smartphone when you use it, the way you walk and more.
Over time, behavioural biometrics will collect a digital profile of your behaviour. It could be used to authenticate you without any action from your side. For example, if an online banking app has high confidence in your identity, it could allow you to conduct a low-risk transaction like checking your account balance without making you sign in.
- Hardware-based security keys
Using a physical piece of hardware, like a dongle or token, as an extra layer of security when signing into a service is nothing new. However, the emerging FIDO2 passwordless authentication standard is making this more seamless and easier for the user.
When you register for an online service, you will create a new key pair on a device like your smartphone. Each time you sign on, your device will authenticate you to the service by presenting your private key to the service.
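The register and sign-on steps described above can be modelled as a FIDO2-style challenge-response: the service sends a random challenge, the device signs it with the private key, and the service checks the signature against the public key it stored at registration. This is an added example, not code from the article or from the FIDO2 specification. It assumes the hypothetical names `Service` and `Device`, the origin `https://bank.example`, Ed25519 keys, and a simplified signed payload (origin plus challenge) in place of the real WebAuthn message format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Service models the online service. It stores public keys only.
type Service struct {
	Origin  string
	pubKeys map[string]ed25519.PublicKey
	pending map[string][]byte // one unused challenge per user
}
type Device struct{ priv ed25519.PrivateKey } // phone or security key holding the private key

func NewService(origin string) *Service {
	return &Service{origin, map[string]ed25519.PublicKey{}, map[string][]byte{}}
}

// Register creates the key pair on the device; only the public half is stored by the service.
func (d *Device) Register(s *Service, user string) {
	s.pubKeys[user], d.priv, _ = ed25519.GenerateKey(rand.Reader) // error ignored for brevity
}

// Challenge issues a fresh random value for a single sign-on attempt.
func (s *Service) Challenge(user string) []byte {
	s.pending[user] = make([]byte, 32)
	rand.Read(s.pending[user]) // error ignored for brevity
	return s.pending[user]
}

// Sign covers the origin the device saw plus the challenge (simplified payload).
func (d *Device) Sign(origin string, challenge []byte) []byte {
	return ed25519.Sign(d.priv, append([]byte(origin+"\x00"), challenge...))
}

// Verify consumes the challenge so it cannot be reused, then checks the signature.
func (s *Service) Verify(user string, sig []byte) bool {
	c, pub := s.pending[user], s.pubKeys[user]
	delete(s.pending, user)
	return c != nil && pub != nil && ed25519.Verify(pub, append([]byte(s.Origin+"\x00"), c...), sig)
}

func main() {
	svc, phone := NewService("https://bank.example"), &Device{}
	phone.Register(svc, "alice")
	sig := phone.Sign(svc.Origin, svc.Challenge("alice"))
	fmt.Println(svc.Verify("alice", sig), svc.Verify("alice", sig)) // true false
}
```

The second `Verify` call fails because the challenge is single use, so a captured signature cannot be replayed; a signature made for a different origin fails for the same reason a look-alike site cannot reuse it.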
- Device fingerprinting
Here, the online service or app will take the fingerprint of your device, including the model, memory, location, and IP address. From then on, it can allow you to use low-risk services and carry out basic transactions if it recognises your device. If your device details change, it can ask you to verify your identity through a password or biometrics.
- Passwords will be with us for a while yet
Despite the many innovations we have seen in security technologies over the years, none of them has replaced the humble password yet, imperfect as it may be. Some may complement rather than completely displace PINs and passwords. So, it could be worth taking some simple steps to make your life easier and your data more secure:
o Be sure to use multifactor authentication (MFA) for apps that contain sensitive personal information
With MFA, you will use something you know (a password) and something you have (a smartphone or hardware token, for example) to access services such as social media or banking. Most services and apps these days support multiple MFA solutions:
  - You could get a one-time password or PIN emailed or texted to you when you want to make a major change to an account, sign in from a new device or access sensitive information.
  - You could use a mobile app like Google Authenticator or a hardware token to generate a code when you need to access a service.
o Think about getting a password manager
Password managers like 1Password and LastPass can make your life simpler. They generate complex, random passwords that are difficult to guess, store them safely, and allow you to securely access your password from any device. This makes it easier to have a unique and difficult-to-guess password for every app and service you use.