It is hard to believe that anyone is using simple passwords like “12345”, “password”, or their own name, but as the news frequently demonstrates, terrible passwords are still commonly used.
The truth is that combinations of numbers and letters are increasingly ineffective at preventing a hack. Passwords are not weak only when they are simple; they are weak because they can be stolen, shared or figured out.
If passwords are ineffective at securing data and confirming identity, the question must be asked: is there a way to improve them, or should we do away with them altogether?
Many experts, including Yaser Masoudnia, founder and CEO of WiActs, argue that it is imperative that we replace them with new methods. He argues that rather than protecting our information, passwords are actually causing hundreds of millions of dollars in losses for the economy and can even pose a risk to national security.
“A majority of recent information breaches occur because of errors in identity management. Hackers’ favorite method is to steal or break through a password,” says Masoudnia.
What Is the Key to the Next Generation of Information Security?
Multi-factor authentication, a method that has existed for a long time, can help shore up the weaknesses that passwords have created. Consumer-facing applications like Facebook and Gmail have offered the option to use your password and then receive a security code in a text message to confirm you are logging in. A password is still the main line of defense, however, leaving the accounts susceptible to hackers.
But work is under way to create a better method for securing our data. Instead of settling for password-based solutions, Masoudnia believes it is time to shift to a full suite of security measures that use encrypted login credentials, dual-factor authentication, biometric information, and in some cases even geo-location to protect information as users access it. These added layers are possible with technology developed by WiActs and could be the next step in information security and account/identity management.
With password-free security solutions growing in popularity, many organizations are making the shift. Some hesitate, though, concerned that the process lacks functionality and is laborious. Masoudnia, who is integrating his technology with large financial institutions and government clients, says the process is more seamless than people think. He looks at the transition as a simple paradigm shift.
“We are all accustomed to using passwords, so shifting to a new method is difficult for some to understand. But it is a very simple adjustment and the benefits are so enormous that it certainly justifies the effort to transition,” says Masoudnia.
For the individual, the incentives seem quite clear. Complete control of your information security is an enticing offer, especially since most people have experienced, or know someone who has experienced, the consequences of their email or financial accounts being hacked.
Companies are similarly incentivized. The damage to consumer confidence resulting from a security breach can devastate a company. Target lost over $145 million in the course of its data breach and there is no way to estimate how many customers were lost in the process. Similarly, Anthem and Blue Cross experienced breaches that left over 80 million users’ health information exposed.
How Do Password-Less Solutions Work?
To begin with, you will not log directly into the account you are trying to access. In the case of WiActs, users log in to a portal called NoPassword.com. They do so by using an app on their smartphone which collects and relays users’ biometric data to the portal through an encrypted signal. Once inside the portal, a user can access any connected accounts: Outlook, Salesforce, Facebook, etc.
Most people are familiar with biometric data like fingerprints when it comes to smartphone security, but WiActs adds another layer to ensure that each factor cannot be replicated. The encrypted stream sent from your phone is stamped with data from the physical device, ensuring that a hacker cannot send the same information from a different phone.
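The device-binding idea described above, sketched as an added illustration that is not WiActs' code or protocol: the portal issues a one-time challenge and accepts only a response keyed to the enrolled phone, so a captured response or a different phone is rejected. The HMAC device key is a stand-in for whatever device stamp the product uses, and the names `Portal`, `sign`, `phone-A` and the 60-second lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 60  # seconds a challenge stays valid (assumed value)

class Portal:
    """Hypothetical login portal that accepts only device-bound responses."""
    def __init__(self):
        self.device_keys = {}  # device_id -> key provisioned at enrollment
        self.pending = {}      # nonce -> (device_id, expiry time)

    def enroll(self, device_id):
        key = secrets.token_bytes(32)
        self.device_keys[device_id] = key
        return key  # the phone keeps this in its secure storage

    def challenge(self, device_id, now=None):
        now = time.time() if now is None else now
        nonce = secrets.token_hex(16)
        self.pending[nonce] = (device_id, now + CHALLENGE_TTL)
        return nonce

    def verify(self, device_id, nonce, tag, now=None):
        now = time.time() if now is None else now
        # pop() makes each challenge single-use: a replayed response finds nothing
        bound_device, expiry = self.pending.pop(nonce, (None, 0))
        key = self.device_keys.get(device_id)
        if key is None or bound_device != device_id or now > expiry:
            return False
        return hmac.compare_digest(sign(key, device_id, nonce), tag)

def sign(device_key, device_id, nonce):
    """Phone side: called only after the local biometric check succeeds."""
    msg = f"{device_id}|{nonce}".encode()
    return hmac.new(device_key, msg, hashlib.sha256).hexdigest()

def demo():
    portal = Portal()
    key = portal.enroll("phone-A")  # constructed device id
    nonce = portal.challenge("phone-A")
    tag = sign(key, "phone-A", nonce)
    genuine = portal.verify("phone-A", nonce, tag)
    replayed = portal.verify("phone-A", nonce, tag)  # same bytes sent again
    nonce2 = portal.challenge("phone-A")
    forged = sign(secrets.token_bytes(32), "phone-A", nonce2)  # another phone's key
    other_phone = portal.verify("phone-A", nonce2, forged)
    return genuine, replayed, other_phone
```

A production design would normally use an asymmetric key pair held in the phone's hardware keystore, so the portal stores only a public key.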
Password-less security opens new doors for company security as well. Because account access funnels through a central portal, a company that integrates the technology can quickly permit and deny access to its employees. Disaffected former employees, who use their access to company networks to steal and damage, are one of the leading causes of hacks.
WiActs’ platform also leverages geo-fencing technology that limits access to a particular location, an asset that Masoudnia says may have prevented Edward Snowden from escaping with volumes of data from the NSA.
“It's time to get rid of passwords and embrace a more secure solution. With costs related to security breaches on the rise, it's my hope that we can encourage organizations to make the change now before they experience a breach of their own,” says Masoudnia.
It's certainly an exciting time in information security. Innovators in the space are developing solutions to combat threats and keep our information safe, which could mean we never need to remember a password again.