Are passwords the way to a secure cyber future?
Identity theft is at an all-time high in the UK. The UK’s fraud prevention service CIFAS recorded 190,000 cases in the past year, as our increasingly digitised lives make it easier than ever for fraudsters to get their hands on our personal information.
So how should we keep our identities secure online? The first line of defence is, more often than not, a password.
However over the last few months data leaks and password storage has been subject to much controversy. Facebook admitted in April that the passwords of millions of Instagram users had been stored on their systems in a readable format. Yahoo recently settled a lawsuit over the loss of data belonging to 3 billion users, including email addresses, security questions and passwords.
It’s not a surprise that other methods of security are being tested, Microsoft itself announced last year that the company planned to kill off the password in favour of biometrics. It is understandable – passwords are one of the easiest approach for attackers. They are often easily memorable and can therefore be easy to compromise.
New rules laid down by the EU are designed to deal with that issue. The updated Payment Services Directive, known as PSD2 , require businesses to use at least two factors when authenticating a customer’s identity.
These can be something the customer:
- has in their possession (such as a bank card)
- something they know (such as a PIN), or
- something they are, which includes biometrics.
This includes more traditional authentication methods – such as tokens, passwords, codes sent by SMS – however it also involves the use of modern technologies and biometrics: fingerprint, voice pattern’s and face recognition.
Biometrics offer a more frictionless consumer experience but has been held back by the need for specialised equipment. With the latest smartphones, many of us now carry the necessary hardware in our pockets. Yet just as our personal data is vulnerable to thieves, biometric information can also be stolen, and it is not possible to change our fingerprints, unlike the ability to change our password.
Perhaps the key to keeping a secure online identity is the combination of the two. Multiple authentication processes are the best way to eliminate the risks of identity fraud. The combination of passwords, pins and biometric data can be used to secure and protect your cyber existence, providing the most robust form of protection.