“Choose strong passwords with letters, numbers, and special characters to create a mental image or an acronym that is easy for you to remember. Create a different password for each important account, and change passwords regularly.” – MIT Information Systems and Technology (Top Ten Safe Computing Tips)
Although this advice seems simple in theory, the reality of passwords is that they are required to be oxymoronic – they need to be sufficiently random to prevent them being guessed, but they also need to be highly memorable to the user. Recent advice suggests that your password be at least 8 characters long, contain upper and lower case letters and numbers, and be changed every 60 days in order to avoid the possibility of being guessed by hackers. Passwords have become an integral part of people’s daily lives, and it is possible for the average person to have to remember over 50 unique ones.
The positive aspects of passwords come down to simplicity and convenience. They provide a straightforward service that everyone can understand, and with the help of a password manager, you often only need to log in to any application once on your device. Passwords can also be encrypted, giving an extra level of security. In addition, most operating systems have password authentication built in, reducing the need to invest in hardware. In spite of this, passwords are still not entirely reliable as a stand-alone source of cyber security, although there are a number of techniques that can be used to increase password reliability.
Whether removing passwords entirely will increase the security of our data depends on the methods that replace them. So, does removing passwords make sense?
What are the alternatives?
Biometrics is a technique that is being used more widely by leading banks, including HSBC. This involves using something unique to the user, such as a fingerprint, voice recognition, or face-shape recognition. Just as with passwords, this is not the most effective form of security when used on its own, and there are experts who believe that the use of biometrics is in fact less secure than the use of passwords.
Password managers can prove a useful tool when relying on passwords. They create an encrypted database of the user’s passwords, but they too rely on the user creating a very strong master password. Password managers, therefore, reduce the need for remembering numerous long, unique passwords.
Another technique often used by Google is two-step authentication, requiring the user to enter a password, followed by a verification code which the application sends to the user’s email account or mobile phone. Although this does give an increased level of security, many users find it more time-consuming than necessary and highly irritating.
A more complex method is behavioural analytics. Paul Ferron, Director of security solutions, EMEA at CA Technologies, explains that behavioural analytics takes into account a user’s usage patterns, history and activities against how they interact with a device. This is a much newer technology and would require a higher level of investment.
A fairly straightforward way of increasing your data security is with a combination of passwords and biometrics, known as two-factor identification. The fundamentals of this come down to ‘something you know, plus something you are’, making it much more difficult to replicate. This does not eliminate the need for a unique but memorable password, but it does double your data security – if one method is hacked, the other should continue to protect your confidential data.
Biometrics are recommended as a data protection tool when highly confidential customer information or high-value money transfers are at stake. However, the use of the password is not something that needs to be phased out completely at this point. In combination with other methods of data security, the password need not become obsolete.
For more guidance on increasing your data security and the possibilities of new techniques versus old, get in touch today. Our expert team is able to provide you with all the best techniques for protecting your confidential customer data.