How do you keep track of all your passwords? Jot them down on a sheet of paper? Copy and paste them from a document saved on your laptop? Do you pick something easy, like an old address or a pet’s name? Do you use the same password—or some variation of the same password—on all the sites you access?
Don’t worry, you’re not alone. Time and time again, internet user surveys conclude that most of us are terrible at passwords. That fact is leading many organizations to consider a new access technology that will bypass poor password etiquette and keep data safe, all while streamlining the process on the user’s end. It’s called biometrics, and it could change the password as we know it. Here’s how it all works.
The problem with passwords
No matter how many special characters you add to them, passwords offer little protection from the dangers that lurk on the web. Most computer users have fairly bad password hygiene; when surveyed, nearly a third of IT decision-makers—people who should know better—admitted that they used an easy-to-guess phrase in their passwords, such as a pet’s name, a favorite sports team or a memorable location. Even worse, 10% said they’d used “password” or “qwerty” when creating credentials.
Nearly all of us are guilty of committing some kind of password sin. How many times have you recycled a password across multiple logins or shared your credentials with a coworker? Experts suggest password misuse is far too frequent, much to the detriment of our security.
Some of this misuse is understandable. After all, a memorable phrase or number makes passwords easier to remember, which is important when you’re keeping track of literally hundreds of different logins.
But even if you are minding your password P’s and Q’s, hackers can easily get around password protections using phishing techniques, social engineering and keystroke loggers. Basically, passwords are an undeniably imperfect security protection.
The “death of the password”
The limitations of conventional passwords have prompted many to look for new IT solutions. For instance, there’s multi-factor authentication (MFA), where credentials are secured with both a password and some other type of authentication, such as a PIN sent via text.
However, MFA has its drawbacks. Taking into account what we know about the typical user’s password behavior, it could be considered counterproductive to add another step to the login process. And lo and behold: According to Pew Research, only around 12% of surveyed respondents employ password management tools—and even then, they don’t necessarily do so for all their accounts.
It’s findings like this that have major players scrambling to come up with alternatives. Microsoft, for instance, just introduced a “passwordless” feature to Windows 10, which allows users to log into their accounts with a physical security key or Windows Hello biometric security.
Biometrics: A new approach to security credentials
Biometric access tools like those used by Microsoft could signal the death knell of the password. That said, thumbprint scans, facial recognition and other tools are not necessarily new; Apple’s Touch ID technology, for instance, has been available for iPhone users since 2013.
Fingerprint mapping isn’t the only biometric employed by new technologies to authenticate logins without passwords—and that’s a good thing, since fingerprints are actually relatively easy to spoof. Instead, internet security providers are turning to the following innovative techniques:
- Facial recognition: When Apple announced that it was updating the iPhone X with facial recognition technology, it was a watershed moment for biometrics. Increasingly sophisticated scanners map facial geometry from a photo or video to create a unique identifier for each individual.
- Voice recognition: Voice recognition biometrics, such as the tools offered by CitiBank, track vocal and behavioral characteristics to create a unique voice “print.”
- Palm vein recognition: Surprisingly, vein structures in the hand may be a more secure alternative to fingerprints. This is a popular technique in the healthcare industry, where health organizations must be able to identify patients in high-volume databases.
- Heartbeat: Heartbeats are another unexpected unique biological identifier. Biometric IT solutions like Nymi measure pulse patterns using wearable bands embedded with electrocardiograms.
There’s no doubt that biometric access technologies will continue to evolve; indeed, experts predict that the market will experience a compound annual growth rate of at least 16% for 2018 through 2023.
As with any developing technology, it can be difficult to anticipate how the chips will fall. Which biometrics will emerge as the most secure and convenient password alternative? When is the right time to invest in biometric tools? Should you worry about doing so at all? How can you integrate biometrics into your cybersecurity plan to ensure that your data and networks have the utmost protection?
An IT solutions provider can help you with these questions and more. Start by reviewing our free resource, the MyITpros Cybersecurity Bundle. Consider it your concierge as you begin designing security processes and selecting the right products for your company. It’s just the key you need to unlock the world of business cybersecurity—no password required!