07/01/2022 THE PDR RESOURCE GROUP
The Future of Passwords
How many of you labor over remembering all your passwords or maybe even trying to recall that “secret place” where you hid them? Well, that problem may disappear if emerging Security start-ups have their way. It seems that many of those firms are removing logins from the security protocol and replacing them in favor of tech-like QR codes and various forms of biometrics.
Recently, the Marketing firm, MailChimp, disclosed that cybercriminals found a treasure chest in the form of access to hundreds of customer accounts in the finance world and that there’s a tangible currency value in gaining control of online user data. As a result, you’ve probably witnessed all the companies that boast at being the best at protecting identities today.
So, how can one remedy this invasive problem? Here are a few tips toward mitigating that issue:
Remove as much of the human element from the picture as you can, which means getting rid of usernames and passwords.
Take away something you know, like a password, and replace it with a combination of two different, unrelated elements:
Something you have, like a smartphone, and something you are, like (face-scanning) biometrics
This is a password-less approach which is receiving a lot of attention these days.
Accessing a system, mobile app or even certain webpages can mean scanning QR codes with a phone. Did you verify on your phone that your face matches the same one from your driver’s license? By doing so, you are simultaneously confirming that the device you’re using belongs to you.
While it might seem like a painful way of authenticating your identity online, this process affords virtually no opportunities for cybercriminals to intercept personal data from companies in some sensitive industries, such as banking, financial services, and telecommunications.
Malware can actually be embedded within the various links on a website. Eliminating the password-driven credentials not only streamlines the identity-verification process, it helps ensure that while navigating throughout the website, the user will be protected.
While we think the replacement of passwords with a more secure approach is needed, there are challenges:
How does one adopt this new approach without complicating the user experience?
Companies want their employees and customers to work securely without upsetting them by sending them to another website.
One of the things we’ve seen emerge within the last 12 to 18 months is something called “zero trust”.
Zero trust is basically the view that, if one has not verified a person’s request to access a system every step of the way, that’s a point of vulnerability.
Before, when users were allowed to pass through corporate firewalls, they were granted nearly complete freedom. Now companies are looking for more transparency and want to know what that user is doing backstage at all times before they grant them the lowest level access required to enable the user to perform their specified task or service.
A key component in the effort to replace passwords with more secure access protocols is to incorporate into the regular sign-in process additional actions to be taken to verify the user’s identity.
Bottom line:
Be prepared to conduct online banking and other online financial services employing this much more reliable and secure access technology.
Comments