Time to dump passwords, the weakest link in cyber security
COMPUTER passwords are ‘broken’ and should be replaced with more up-todate security measures, according to experts.
A report by accountancy giant KPMG says passwords are ‘one of the weakest links in our security chain’ because they are so easy to hack.
It also warns that people are being forced to use ever more complicated passwords to protect everything from their bank accounts to mobile phones.
The firm is calling for passwords to be replaced with a ‘more sophisticated approach’, such as using fingerprints or eye recognition. Such a move would come as a relief to millions of people who suffer from so-called ‘password rage’.
A recent, separate report found that a third of people now admit to having grown angry after struggling to remember log-in details. Many said frustration at forgetting passwords caused them to scream, swear and even cry, or bang their head on the table.
The average person is thought to have to remember at least 19 pass- words for logging in to computers, email, online banking, social media and internet shopping.
That report, by Centrify, which provides password management software, found only a fifth of people never forget their passwords.
KPMG says the end of the password was one thing they would love to see happen in 2016 but added it is not likely to happen for years.
David Ferbrache, technical director at KPMG’s cyber security business, says: ‘People are being forced to adopt more and more convoluted passwords, while trying to avoid the temptation to reuse those super-strong passwords.
‘It is high time we moved to a more sophisticated approach to authenticating people, which blends biometrics, behavioural analysis and contextual information.’ Some mobile devices, such as the iPhone 6, already use fingerprint recognition, allowing unlocking with a thumb or finger.
Other systems work alongside traditional passwords by tracking how a person interacts with a device, from typing speed to how hard they press.
The machine can then figure out whether users are who they say they are and block access to an unauthorised person.
Barry Scott, Centrify’s chief technical officer for Europe, the Middle East and Africa, said: ‘The real problems arise when we start to adopt poor password practices because we cannot remember them, like using the same ones again and again, or using easy-to-remember ones like “password”.’