A world without passwords
Passwords rule our life. The time, effort and thought which goes into creating passwords is perhaps exceeded only by our struggle to remember the many that we use.
The world of connected technologies means that we must be constantly aware about protecting our devices, servers and information.
A new report released by the World Economic Forum in Davos titled Passwordless Authentication shows that replacing passwords with other forms of authentication will make us safer.
“Cybercrime is set to cost the global economy $2.9 million every minute in 2020 and some 80 per cent of these attacks are password-related. Knowledge-based authentication — whether with PINS, passwords, passphrases, or whatever we need to remember — is not only a major headache for users, it is costly to maintain,” says the WEF report. It has been estimated that almost 50 per cent of IT help desk costs are allocated to password resets for larger business.
The simple entry point to the devices that connect servers and our precious data is perhaps the weakest aspect of security citadels.
New technologies are now creating options which can free users from the tyranny of passwords. The report has listed new options which will do away with passwords. These include use of biometrics, behavioral analytics, zero-knowledge proofs, QR codes and security keys.
Of these facial biometric is already getting traction with mobile phone users. Additional element of document scanning to match photo of user adds to the security. Though concerns about the privacy of data and faces remain.
The versions of QR Codes are emerging as a strong option to replace passwords. “Complex animated QR Codes can be used to authenticate without passwords. Since the Code is animated, unique and has a very short life span, it provides a secure way of binding sessions to identities,” says the report.
The most interesting option is behavioral analysis of the user. According to the report, Behavioral authentication uses non-identifiable but individually unique factors to confirm who the user is. The identity of the user is authenticated in the background using factors such as mouse movements to typing speed and habits, login history, network details like IP address, browser used, etc. Effectively the way we type or write or even our location will determine our authenticity. “While each of these non-identifiable factors is not enough on its own, when they combine as a single-security mesh, authentication becomes both secure and invisible,” the report says.
Then there are the hardware keys which include USBS or blue tooth device which add another layer of security. Andrew Shikiar, executive director and chief marketing officer of industry body FIDO Alliance, says, “The path forward is with standards-based, cryptographically secure authentication that keeps login info secure and private, while providing a fundamentally better user experience.”
We may get freedom from passwords but the need for authentication will need to be strengthened almost constantly. Not just for individuals, the need for authentication between machines and devices is equally critical. Internet connectivity rising in wide range of devices from TVS to cars to assembly lines, security layers will have to be constantly added to prevent breaches.
Emerging economies which are leapfrogging on technologies are perhaps more vulnerable as cyber security wasn’t a priority until recently. Such economies will have to rapidly improve security.
Authentication is the cornerstone of our digital world. Without it, we can barely function in the connected world. From the early Roman times when soldiers had to say the right word to pass a secure gate to gesture-based security, the world still needs confirmation for gatekeepers.
Biometrics, behavioural analytics, zero-knowledge proofs, QR codes and security keys could be used for authentication instead of passwords