Passwords extinct? How did we get there? The answer is simple: biometrics and digital certificates, writes Chris Buchanan, client solutions director of Dell Technologies South Africa.
Imagine it’s October 2050 and a school class is on a Cybersecurity Awareness Month field trip at the local museum. Suddenly, a student asks his teacher “what’s that?” staring at some strange combination of letters, symbols and numbers. “Oh, that’s a password,” the teacher says. “Your parents used them to access their devices and applications. They’ve since become extinct.”
Let’s not get too far ahead of ourselves. Instead, let’s jump back to 2021. Juggling too many passwords is a nuisance, never mind creating and remembering strong passwords that adhere to specific requirements.
According to a report from the University of Stellenbosch Business School which seeks to determine the security education, training and awareness needs of South Africans, 5.3% of respondents believed they had absolute knowledge of proper password practices. Only 2.8% displayed a perfect ‘security first’ aptitude when selecting and managing passwords.
In addition, the Dell Technologies Brain on Tech study found that when users worldwide were presented with a long, difficult password to access a computer under time pressure, their stress increased by 31% within five seconds and continued to rise even after users successfully logged in.
These results reinforce that for most of us, good password hygiene is not a priority; it is, instead, a nuisance. Whether it is reusing the same password repeatedly, using weak passwords or writing them on a sticky note, many of us are doing exactly what we have been told not to do. To increase security, organisations typically require employees to update passwords on a regular basis and adhere to minimum requirements to create strong passwords. However, this doesn’t prevent employees from behaviours that compromise security for convenience.
Concerningly, these behaviours are not just reserved for working adults. A recent study by the Scientific Electronic Library Online (SciELO) South Africa analysed students’ cybersecurity awareness at a private tertiary educational institution. The findings showed that most students found it difficult to remember complex passwords and so they used simple ones like their names.
So, if most people understand the importance of good password hygiene but no one feels obligated to practise it, where do we go from here?
The idea of using biometrics to identify an individual is centuries old. There is evidence that fingerprints were used as a person’s mark as early as 500 B.C., and biometric technology has existed for several decades. However, it wasn’t until the early 2000s that this technology really started showing up in end-user devices, and today, most people are familiar with using biometrics to unlock their devices and applications. What seemed like a novelty just a few years ago, when we first saw people simply look at their smartphones to unlock them, has become commonplace.
As biometrics continue gaining popularity as a convenient and secure form of automated user recognition, the traditional password will become much less appealing to consumers and enterprises alike. In addition, the technology which enables biometrics continues to advance with better sensor technology and the use of AI-based matching algorithms. This results in a better user experience while improving the security model.
Advanced device security features like fingerprint readers and facial recognition are now readily available on mainstream business laptops and used as part of a multi-factor authentication solution, offering users more secure ways to access their devices, applications and data than easily compromised passwords.
In fact, the Dell Technologies Biometric Usage Study found that at U.S. businesses where PCs with biometric security are available, around 80% of employees report using the feature and 64% of employees who currently don’t have these features available said they’d use them if offered. And that’s not just out of convenience; workers also believe that those features could help keep company data safe. This, in turn, enhances trust among IT administrators that the devices and users on their network are authentic.
But you may be asking, why is the use of biometrics more secure than passwords? A password is a string of characters that a website or service validates to allow a user access. Strong passwords are designed to be difficult to guess or replicate, but even the most complex passwords can be stolen or compromised. To secure user identities, the use of multi-factor authentication is increasingly required for user access.
Biometrics play a critical role in multi-factor authentication as the most difficult to replicate of the three possible factors of authentication: something you know (your password/PIN), something you have (your device or security token) and something you are (your fingerprint or face). Connecting authentication to a user’s biometric match creates the most difficult scenario for a cybercriminal to duplicate. Once the local authentication is performed, a secure digital certificate is released to the website or service for user authorisation.
Given employees’ overall openness to using biometric security features on PCs, there’s a real opportunity for biometrics adoption to continue increasing, especially as Gen-Zers enter the workforce. These digital natives grew up accustomed to using fingerprint readers or facial recognition on their smartphones and probably wouldn’t think twice about using the same technology on their PCs and other devices. It’s time for organisations to reassess how they are handling security on employee devices and consider incorporating biometrics for their next PC refresh cycle.
We still have a way to go until passwords are obsolete and become a museum exhibit, but as biometric technology becomes more sophisticated and more widely adopted, it’s only a matter of time until we can blissfully forget about remembering complicated passwords without compromising security. In the meantime, there are simple ways all of us can ‘Be Cyber Smart’ and keep our data safe without passwords raising our stress levels, including:
- Leverage a password manager to create strong passwords and store them in a secure location.
- Leverage multifactor authentication as well as digital certificates for identity verification and secure communication.
As we look towards a password-less future, it’s up to each of us to do our part and be cyber smart.
Republished courtesy IT-Online