Online security experts have nagged us to come up with uncrackable passwords for years – only to announce that passwords are no good at keeping data safe and should be scrapped.
Passwords don’t work, says the UK’s official fraud prevention service CIFAS.
The government-funded agency picked up nearly 190,000 reports of online identity theft last year – that’s 365 victims every day.
Just look at massive corporations like Yahoo, which lost the personal data of more than 3 billion users, including email addresses, security questions and passwords. Question-and-answer site Quora was hacked, losing the data of 100 million registered users.
If these companies with huge resources cannot beat off hackers, how can home users expect to defend their data?
Memory is the weakest link
Perhaps by following the lead of Microsoft. The software giant is scrapping passwords to replace them with biometric scans or complex security keys.
The problem is people can’t remember passwords or long lists of numbers, symbols and letters.
That’s why they tend to keep the same password for multiple apps, and why, when a hacker gets away with a big haul of user data, so many other sites worry they will be breached as well.
The EU is demanding businesses turn to two-factor authentication, which needs two methods of identification to allow access to an online or mobile account.
“Is biometrics going to replace passwords? No, a combination of factors is going to replace passwords, we are and we should be moving toward this,” said Ali Niknam, chief executive of Bunq, a mobile banking service.
Multi-factor authentication
Some corporations are going even further by relying on multi-factor authentication (MFA), which identifies people using as many ways as possible.
This can include not just standard measures like PINs, passwords and fingerprint scans, but checks running in the background such as your location, purchase history, keystrokes, swiping patterns, phone identity, and even the way in which you hold your phone.
These all work fine, except when you’re somewhere with poor reception and can’t receive the text carrying that all-important key code needed to complete login.