The other day it hit me. Even though many of the IT and software leaders are professing that the password is dead or that we should strive to create a passwordless infrastructure it might be impossible. Certainly, for the near future, it seems improbable. Why?
Passwords are so deeply rooted in all that we do. We have passwords to access our device, passwords to access our multiple email accounts, passwords to access our social media, passwords to access our bank accounts and credit cards, passwords to access websites, eCommerce, PayPal, StubHub, airlines and travel sites. We also have countless passwords associated with our careers, to access Outlook, Salesforce, GoToMeeting and company portals.
Therefore, is at all realistic to expect all of these disconnected entities to agree on a universal authentication process outside of passwords, which are already deeply entrenched in the process? Sure, all of us hate entering passwords, we find them cumbersome, tedious and a waste of time and energy. But we’ve all forsaken to the fact that we cherish our privacy and need online security. We’re not just protecting access to our email accounts and pictures; we’re protecting our crown jewels and all of our assets.
Additionally, as we search for the solution to passwordless, we are actually adding new passwords to our portfolio. Each day as we come across new websites and apps we want to use, and we’re required to enroll to create a username and password. It’s unavoidable.
What are the options? What is the ideal solution?
There are a half dozen or so cybersecure options to authenticate user identity beyond the password. One of the first-generation alternatives to the password was challenge-response questions, but they’ve fallen under attack because most of the answers to the questions can be sought out via the user’s social media posts. PINs and tokens became the trendy way to secure identity, but users soon found that they slowed them down, and occasionally fell victim to user error as they would enter a wrong number or take too long to enter the number, causing identity authentication issues. In my case our office has a very poor cell connection, therefore when a website or app wants to push me a PIN number to enter, I’m unable.
Swipe cards and keys are other alternatives, but we’ve come to learn that swipe cards are easily shared, easily lost and are quite costly to maintain and replace. One of the newest alternatives is to issue keys for end-users, but we are finding that the keys are easy to lose (some vendors suggest buying 2 for each user as a failsafe) and if someone gets a hold of your key, they gain immediate access to your files.
So, you can see that when it comes to potential breakdowns and vulnerabilities, passwords are not the only flawed authentication method. But is it time to point fingers? At BIO-key we say “yes”. We profess that it’s your finger that might be the answer to best in class cybersecurity and offers a pathway to an infrastructure that is not solely reliant on passwords yet doesn’t open the door for hackers by simply introducing a second vulnerable method for authentication.
When we ask what is the authentication method most suited to provide a universal solution, it’s clear that we will never get so many disconnected entry points to agree on one method. It’s simply not practical to require everyone to start using swipe cards, keys, PINs or tokens. The expense, the management process, would be out of control.
But why not biometrics? Why can’t your fingerprint become the universal cybersecurity form of strong user identity authentication? You greatly reduce any hardware costs as unlimited users can enroll and authenticate on one fingerprint scanner and many of today's devices include embedded fingerprint scanners – reducing the cost to zero.
Will we ever live in a passwordless world? Yes, it’s very likely, but not at all likely to happen during the next five years as hackers and cyber thieves continue to thrive and grow. How likely is it that our biometric will play a role in the passwordless world or the IoT? Highly likely!
BIO-key’s core software engine WEB-key is developed to operate side by side with all of today’s traditional authentication methods. BIO-key engineers and scientists envisioned a business world that would be in a long-term transition as it adapted to the next generation of cybersecurity strategies. Change can be resisted and disruptive to the enterprise, therefore BIO-key not only introduced WEB-key so that organizations can make a subtle transition – in layers, but they have also introduced and mastered a testing program, which mitigates risk as the organization explores the benefits of biometric technology.
If you’re considering adding the security and convenience that’s associated with biometric authentication, BIO-key has been onboarding satisfied new customers since 1993.