Breaking Up with Your Password: Why It’s Time to Move On


Data breaches impacted more than 1 billion users in the first half of 2024, up 409% from this time last year, emphasizing the importance of maintaining stealth cyber hygiene. The truth is, as long as there are passwords, there will be breaches. Even passkeys offer insufficient data protection, essentially giving hackers a master key that unlocks all the user’s data.

With advancements in technology and increasing cybersecurity threats, it’s time for users to embrace more secure, efficient alternatives including biometric identity authentication or multi-factor authentication. These solutions will enhance security, improve user experience and save businesses money.

The Problems with Traditional Passwords

Almost every day we read about a new data breach that has affected millions – and sometimes billions – of people, putting their personal information at risk. Bad actors are easily gaining access to millions of passwords. Yahoo was subject to the largest known data breach in history with names, email addresses, phone numbers, birth dates and security questions of its three billion users compromised. And this breach went undetected for three years.

Most users choose passwords that are easy to remember and most of the time, those are the weakest ones. Weak passwords open the door to unwanted access by cybercriminals who can steal information, impersonate the user or disrupt operations. Many users also reuse the same password across all accounts, increasing the risk of cybercriminals easily gaining access to multiple accounts.

The very best passwords are complex, making them hard for the user to remember. This leads to frequent password resets which can be time consuming and frustrating. This daunting and time-consuming task can create resistance among users that ultimately leads to the creation of less secure or repetitive passwords. Additionally, managing multiple passwords without a password manager can be a cumbersome task and the password management platform will require a password of its own, making it just as vulnerable.

A solution to manage accounts that is both convenient and secure is necessary as security continues to evolve.

Alternatives to Passwords

The use of biometric authentication can enhance security, provide user convenience and speed up the time it takes to log in to accounts. Biometric authentication verifies a user’s identity using their unique biological characteristics. Fingerprints and facial recognition are already becoming more widely used to log in to smartphones, laptops and apps. Voice recognition is an emerging technology that analyzes various features of a user’s voice such as pitch, tone, frequency and speech patterns.

Another alternative that is even more popular is multi-factor authentication, combining something you know with something you have or something you are. For example, a user could enter their password to log in and then be prompted to enter a code from a separate authenticator app on a secondary device, enter a code that was sent to their mobile device via text or phone call, or use hardware tokens. These security tokens can provide one-time passwords. They can also be USB or smart cards that interact directly with the device.

The most secure alternatives are completely passwordless authentication solutions, like single sign-on (SSO), which provides one set of credentials to access multiple applications. Users can also incorporate magic links or email-based one-time login links.

Benefits of Moving Beyond Passwords

Regular passwords are no longer sufficient to thwart bad actors. Account security must become more complex to enhance the safeguarding of user information. Passwordless solutions reduce the risk of phishing attacks as it is harder for hackers to obtain biometrics or intercept MFA or SSO tokens.

Passwordless solutions can also eliminate brute force attacks as there would be no password to crack. Businesses are a prime target for this type of attack as usernames and passwords for new employees, shared platforms and other administrative accounts are often generic credentials, such as “admin” or “123456.” These administrative accounts will often hold employee and client information and confidential company information including names, banking information and more.

With the adoption of passwordless solutions also comes improved user experience. Authenticating and logging into accounts becomes seamless without the need to remember complex passwords. Accounts are safe and the login process is efficient, reducing friction for users.

On a global scale, the average cost of a data breach is $4.45 million, which is a 15% increase over the last year, according to IBM’s 2023 report. IBM also reports that it takes an average of 204 days to identify a data breach and an additional 73 days to contain it. Breaches are resource intensive and without them, the time and money spent to manage them could be reallocated. On an operational level, businesses will see cost savings once a passwordless solution is incorporated. Password resets will be eliminated, lessening the burden on IT support. Without the interruption of password management, employees will be able to seamlessly move from task to task, increasing productivity.

Addressing Concerns and Challenges

With any type of stored data, there will always be concerns for privacy and security. It is imperative for those using biometrics in lieu of passwords to securely store the data to ensure there is as little chance of misuse as possible. It is best practice to store biometric data on the user’s device, lessening the chance of a mass data breach where all of an organization’s customers become victims of a bad actor. This practice makes targeting the organization less attractive to bad actors as they will not receive much data and will look to put their efforts elsewhere.

If an organization does decide to use biometrics as a passwordless solution, they should provide clear explanations and obtain consent from users. The misuse of biometrics can have catastrophic impacts on a user and an organization. Users must be clear on how and why an organization is asking for this data, how they will be using it and where it will be stored.

Organizations must also address accessibility issues before implementing biometrics as a passwordless solution. Users who suffer from impairments like loss of vision, voice tremors or dexterity challenges may struggle to use biometrics. Organizations should implement alternative passwordless solutions for those who are unable to use biometrics.

The Future of Data Protection

Just as hackers evolve their tactics, businesses and users have to remain nimble and on the cutting edge. Investing in research and development in the cybersecurity sector is worthwhile, especially if it helps you skirt emerging threats and spot new, safer authentication options. Staying up to date on data regulations and compliance as well as unofficial industry standards will enable you to be the example of best practices versus the victim.

In tandem with going passwordless, businesses need to redefine what information is – and is not – essential to their business. For example, a streaming service does not need your social security number to provide its service. Hackers can’t steal data that a business doesn’t store on its servers.

A Risk Worth Taking

Change is hard but when it comes to data security, you have to choose your hard. Would you rather report you’ve been breached and have it be one of the first things people see when they search for your business? Or go through a transition period where you learn and adopt a new way of signing into your devices and accounts? It’s a no-brainer that the latter is the best approach. One of the first and easiest steps to test out a passwordless digital footprint is to use readily available features on your smartphone such as facial identification and the alternate identification options.

By adopting more secure, user-friendly authentication methods, we can enhance security, improve user experience and streamline processes both for individuals and businesses.

About the Author

Zarik Megerdichian is the CEO and Founder of Loop8, a cutting-edge solution that protects personal data and privacy using advanced biometric technology and strong encryption protocols to ensure data security without the need for conventional passwords. A self-proclaimed passwordless crusader, Zarik sees Loop8 as a tool for the masses that gives users complete control of their personal information while eliminating human error. Zarik can be reached online on LinkedIn and at our company website https://l8p8.com.
