Budapest Post

Cum Deo pro Patria et Libertate
Budapest, Europe and world news

Why passwords don't work, and what will replace them

"Sarah", an actor based in London, had her identity stolen in 2017. "I got home one day and found my post box had been broken into," she says.

"I had two new credit cards approved which I hadn't applied for, and a letter from one bank, saying we've changed our mind about offering you a credit card."

She spent £150 on credit checking services alone trying to track down cards issued in her name.

"It's a huge amount of work and money," says Sarah, who asked the BBC not to use her real name.

Identity theft is at an all-time high in the UK. The UK's fraud prevention service CIFAS recorded 190,000 cases in the past year, as our increasingly digitised lives make it easier than ever for fraudsters to get their hands on our personal information.

So how should we keep our identities secure online? The first line of defence is, more often than not, a password.

But these have been in the news lately for all the wrong reasons. Facebook admitted in April that the passwords of millions of Instagram users had been stored on their systems in a readable format - falling short of the company's own best practices, and potentially compromising the security of those users.

Late last year, question-and-answer website Quora was hacked with the names and email addresses of 100 million users compromised. And Yahoo! recently settled a lawsuit over the loss of data belonging to 3 billion users, including email addresses, security questions and passwords.

No wonder that Microsoft announced last year that the company planned to kill off the password, using biometrics or a special security key.

IT research firm Gartner predicts that by 2022, 60% of large businesses and almost all medium-sized companies will have cut their dependence on passwords by half.

"Passwords are the easiest approach for attackers," says Jason Tooley, chief revenue officer at Veridium, which provides a biometric authentication service.

"People tend to use passwords that are easy to remember and therefore easy to compromise."

Not only would getting rid of passwords improve security, it would also mean IT departments would not have to spend valuable time and money resetting forgotten passwords.

"There is an annual cost of around $200 (£150) per employee associated with using passwords, not including the lost productivity," says Mr Tooley.

"In a large organisation that's a really significant cost."


'New risks'

Philip Black is commercial director at Post-Quantum, a company designing powerful encryption systems for protecting data.

He agrees that passwords are already a weak point. "You have to create and manage so many passwords. That's unmanageable, so people end up using the same passwords, and they become a vulnerability."

New rules laid down by the EU are designed to deal with that issue. The updated Payment Services Directive, known as PSD2 , require businesses to use at least two factors when authenticating a customer's identity.

These can be something the customer has in their possession (such as a bank card), something they know (such as a PIN), or something they are, which includes biometrics.

Overlooked in the past in favour of tokens, passwords, and codes sent by SMS, interest in biometrics is growing. According to the 2019 KPMG International Global Banking Fraud Survey, 67% of banks have invested in physical biometrics such as fingerprint, voice pattern and face recognition.

This year, NatWest began trialling debit cards with a fingerprint scanner built directly into the card itself.

Biometrics offer a more frictionless consumer experience, but has been held back by the need for specialised equipment. With the latest smartphones, many of us now carry the necessary hardware in our pockets. Research by Deloitte has found that a fifth of UK residents own a smartphone capable of scanning fingerprints, and that number is rising fast.

Yet just as our personal data is vulnerable to thieves, biometric information can also be stolen. In September, Chinese researchers at a cybersecurity conference in Shanghai showed it was possible to capture someone's fingerprints from a photo taken from several metres away.

If you think resetting your password is difficult, try changing your fingerprints.

To boost security, companies are increasingly relying on multiple factor authentication (MFA) which seeks to identify people using as many different ways as possible.

This can include not just explicit measures such as PINs and fingerprint scans, but background familiarity checks such as your location, purchase history, keystrokes, swiping patterns, phone identity, even the way in which you hold your phone.

"Is biometrics going to replace passwords? No, a combination of factors is going to replace passwords, we are and we should be moving toward this," says Ali Niknam, chief executive of Bunq, a mobile banking service.

Yet there is a risk of that this sort of multi-factor authentication, while secure, will make the authentication process even more opaque. If you don't know what is being used to identify you online, how can you protect that information?

"I'm careful about internet security - my date of birth isn't anywhere, my address isn't anywhere," says Sarah.

"I'm 33, relatively young and tech-savvy, but I'm not sure I'd know how to be more careful."

She does remember, however, that one bank initially refused to cancel the account the thief had opened in her name, because she didn't know the password.

AI Disclaimer: An advanced artificial intelligence (AI) system generated the content of this page on its own. This innovative technology conducts extensive research from a variety of reliable sources, performs rigorous fact-checking and verification, cleans up and balances biased or manipulated content, and presents a minimal factual summary that is just enough yet essential for you to function as an informed and educated citizen. Please keep in mind, however, that this system is an evolving technology, and as a result, the article may contain accidental inaccuracies or errors. We urge you to help us improve our site by reporting any inaccuracies you find using the "Contact Us" link at the bottom of this page. Your helpful feedback helps us improve our system and deliver more precise content. When you find an article of interest here, please look for the full and extensive coverage of this topic in traditional news sources, as they are written by professional journalists that we try to support, not replace. We appreciate your understanding and assistance.
Newsletter

Related Articles

0:00
0:00
Close
16 Billion Login Credentials Leaked in Unprecedented Cybersecurity Breach
Senate hearing on who was 'really running' Biden White House kicks off
Hungary Ranked Among the World’s Safest Travel Destinations for 2025
G7 Leaders Fail to Reach Consensus on Key Global Issues
FBI and Senate Investigate Allegations of Chinese Plot to Influence the 2020 Election in Biden’s Favor Using Fake U.S. Driver’s Licenses
Trump Demands Iran's Unconditional Surrender Amid Escalating Conflict
Shock Within Iran’s Leadership: Khamenei’s Failed Plan to Launch 1,000 Missiles Against Israel
Wreck of $17 Billion San José Galleon Identified Off Colombia After 300 Years
Man Convicted of Fraud After Booking Over 120 Free Flights Posing as Flight Attendant
Iran Launches Extensive Missile Attack on Israel Following Israeli Strikes on Nuclear Sites
Beata Thunberg Rebrands as Beata Ernman Amidst Sister's Activism Controversy
Hungarian Parliament Approves Citizenship Suspension Law
Prime Minister Orbán Criticizes EU's Ukraine Accession Plans
Hungarian Delicacies Introduced to Japanese Market
Hungary's Industrial Output Rises Amid Battery Sector Slump
President Sulyok Celebrates 15 Years of Hungarian Unity Efforts
Hungary's Szeleczki Shines at World Judo Championships
Visegrád Construction Trends Diverge as Hungary Lags
Hungary Hosts National Quantum Technology Workshop
Hungarian Animation Featured at Annecy Festival
Israel Issues Ultimatum to Iran Over Potential Retaliation and Nuclear Facilities
UK and EU Reach New Economic Agreement
Coinbase CEO Warns Bitcoin Could Supplant US Dollar Amid Mounting National Debt
Trump to Iran: Make a Deal — Sign or Die
Operation "Like a Lion": Israel Strikes Iran in Unprecedented Offensive
Israel Launches 'Operation Rising Lion' Targeting Iranian Nuclear and Military Sites
UK and EU Reach Agreement on Gibraltar's Schengen Integration
Israeli Finance Minister Imposes Banking Penalties on Palestinians
U.S. Inflation Rises to 2.4% in May Amid Trade Tensions
Trump's Policies Prompt Decline in Chinese Student Enrollment in U.S.
Global Oceans Near Record Temperatures as CO₂ Levels Climb
Trump Announces U.S.-China Trade Deal Covering Rare Earths
Smuggled U.S. Fuel Funds Mexican Cartels Amid Crackdown
Austrian School Shooting Leaves Nine Dead in Graz
Bezos's Lavish Venice Wedding Sparks Local Protests
Europe Prepares for Historic Lunar Rover Landing
Italian Parents Seek Therapy Amid Lengthy School Holidays
British Fishing Vessel Seized by France Fined €30,000
Dutch Government Collapses Amid Migration Policy Dispute
UK Commits to 3.5% GDP Defence Spending Under NATO Pressure
Germany Moves to Expedite Migrant Deportations
US Urges UK to Raise Defence Spending to 5% of GDP
Israeli Forces Intercept Gaza-Bound Aid Vessel Carrying Greta Thunberg
IMF Warns of Severe Global Trade War Impacts on Emerging Markets
Low Turnout Jeopardizes Italy's Citizenship Reform Referendum
Transatlantic Interest Rate Divergence Widens as Trump Pressures Powell
EU Lawmaker Calls for Broader Exemptions in Supply Chain Legislation
France's Defense Spending Plans Threatened by High National Debt
European Small-Cap Stocks Outperform U.S. Rivals Amid Growth Revival
Switzerland Proposes $26 Billion Capital Increase for UBS
×