Passwords Are Slowly Becoming a Thing of the Past
Passwords are inconvenient, forgettable and not particularly secure locks for our prized data. Technology can do better.
Between the time you sit down at your desk in the morning and the moment you shut down your computer in the evening, how many times do you think you input a password for an account, program or device? A recent survey found the average person has 27 logins that require a password and uses more than half of them in a given day.
Is this really the most convenient and secure strategy for handling confidential information in the workplace?
The cumbersome nature of passwords.
How many different passwords do you think you have? Most people fall into one of two camps. They either have one password that they use across all accounts and platforms, or they have a different password for every account. The problem is that neither of these approaches is very good.
If you only use one password, you're putting yourself at risk for being compromised. If you use different passwords, you constantly have to guess and reset pass codes just to log into various accounts.
In the office setting, poor password behavior leads to heightened security threats and lost productivity. As a result, your IT department likely spends hundreds of hours a year dealing with password related issues and all of the negative byproducts that result from them. So, whether you realize it or not, passwords are possibly holding your business back.
But what if someone told you that traditional passwords are going by the wayside? If you study new trends and developments in security technology, it looks as if this may be the case in the very near future. And from a small business perspective, the ramifications could be significant.
Replacing passwords in the office.
"Passwords have served us well, there's no doubt about that," computer scientist Joel Lee explains. "However, they aren't perfect. Not by a long shot. In fact, the concept of a password has one glaring flaw that can never be fixed: passwords are all or nothing."
See, if someone has the password, they have access to everything that's inside. "In essence, password protection is security through obscurity, a security practice that's universally lambasted as weak and ineffective," Lee says. It's like having a padlock on a safe. All someone needs is a pair of bolt cutters and they can have whatever is inside."
It makes much more sense to develop security infrastructures that don't rely on singular security challenges. Instead, businesses would be wise to invest in security technologies that require persistent identity measures. One idea that's growing in popularity is the concept of using behavioral inputs.
"Simply put, [behavioral inputs are] the way you interact with your device; how you hold and use your mouse, make keystrokes, how quickly you move line-to-line or from page to page," digital signature expert David Vergara explains. "These actions, analyzed and learned, over time, are interpolated through algorithms to establish a unique pattern of each user to determine if it's the same user requesting access or potential fraud (behavioral authentication)."
In the case of a behavioral input system, security can ramp up authentication measures if the user's actions don't seem to line up with the expected behavior.
We're also seeing a lot of anticipated growth in biometric security. One specific area that's growing in popularity is the use of voice recognition. As IT pro David Lewis points out, Barclays Bank became one of the first major corporations to adopt voice recognition technology for its telephone banking customers (instead of standard pin codes) in August of 2016.
"Voice recognition, a form of biometric software, is a more secure form of banking protection because our voices are unique. Each voice has a set of around 100 characteristics," Lewis says. "Half of those are physical characteristics -- shape of the mouth and throat -- and the other half are behavioral characteristics of sound and words used."
When a customer's "voice print" has been captured, the Barclays system can then use it to match against other phone calls in the future. Despite what some may assume, it's impossible to mimic a voice and cheat the system.
Aside from fingerprint scanning and voice recognition software, other (less frequently used) forms of biometric security include iris recognition, vein-pattern detection and even heart beat detection. Businesses with high level security needs can be expected to adopt some of these security formats in the very near future.
Invest in advanced security.
It's easy to cling to the status quo, even when it comes to something as important as security. You'd rather do something you're comfortable with than rock the boat and risk messing something up. But unfortunately, you won't be able to sit still much longer. Changes are coming and businesses like yours will need to adapt.
From a financial perspective, the cost to upgrade your existing approach to cyber security and password integrity could be high. Solutions such as voice recognition and iris detection software are still quite expensive and will remain that way until the tech companies reach economies of scale. With that being said, the long-term pay off for an investment in advanced password security is much higher than the upfront cost.If you make decisions in your organization, make it a priority to conduct more research in this area and learn more about your opportunities. If you aren't a decision maker, it may be up to you to educate the appropriate parties and bring them up to speed on the current security landscape and where your organization fits into the picture.
Entrepreneur Editors' Picks
If You Focus on Problems, You'll Only Find More Problems. Here's How to Focus on Solutions.
Apple Asks This Jarring Interview Question as a Secret Way to Evaluate a Candidate