Password phishing is one of the most common techniques adopted by cyber criminals to infiltrate an enterprise’s computer network. According to the FBI’s Internet Crime Report 2021, India stands fourth in a list of 20 countries in terms of the number of total cybercrime victims, with phishing among the top five types of crime highlighted in the report. Too many passwords are a nuisance – let alone creating and remembering strong passwords that adhere to specific requirements. According to NordPass, a proprietary password manager, 31% of passwords used by Indians can be cracked by hackers in less than a second. In addition, the Dell Technologies Brain on Tech study found that when users worldwide were presented with a long, difficult password to access a computer under time pressure, their stress increased by 31% within five seconds and continued to rise even after users successfully logged in.
These results only reinforce the fact that, for most of us, good password hygiene is less of a priority and more of a nuisance. Whether you reuse the same password repeatedly, use weak passwords or write them on a sticky note, many of us are doing exactly what we have been warned against. To increase security, organizations typically require employees to update their passwords on a regular basis and let them adhere to minimum requirements to create strong passwords. However, this isn’t enough to safeguard their data and simply compromises security for convenience.
So, if most people understand the importance of good password hygiene but no one feels obligated to practice it, where do we go from here?
The idea of using biometrics to identify an individual is centuries old. There is evidence that fingerprints were used as a person’s mark as early as 500 B.C. and that biometric technology existed for several decades prior. However, it wasn’t until the early 2000s that this technology really started showing up in end-user devices, and today, most people are familiar with using biometrics to unlock their devices and applications. What seemed like a novelty just a few years ago when we first saw people simply look at their smartphones to unlock them, has now become commonplace.
The technology that enables biometrics continues to advance with better sensor technology and the use of AI-based matching algorithms, resulting in a better user experience while significantly improving the security model. As biometrics continue to gain popularity as a convenient and secure form of automated user authentication, the traditional password will become much less appealing to consumers and enterprises alike
If you’re wondering, why the use of biometrics is more secure than passwords, here’s why: passwords are a string of characters which are validated by a website or service to allow a user access. Strong passwords are designed to be difficult to guess or replicate, but even the most complex passwords can be stolen or compromised. Biometrics on the other hand, is a unique biological passcode. Biometrics play a critical role in multi-factor authentication as it is the most difficult to replicate of the three possible factors of authentication which are: something you know (your password/PIN), something you have (your device or security token) and something you are (your fingerprint or face). Connecting authentication to a user’s biometric match creates the most difficult scenario for a cybercriminal to duplicate. Once the local authentication is performed, a secure digital certificate is released to the website or service for user authorization.
As Zoomers enter the workforce, there’s a real opportunity for greater biometric adoption for data security. These digital natives grew up accustomed to using fingerprint readers or facial recognition on their smartphones and likely wouldn’t think twice about using the same technology on their PCs and other devices. It’s time for organizations to reassess how they are handling security on employee devices and consider incorporating biometrics in their next PC refresh cycle. In fact, Next Move Strategy Consulting expects the password-less authentication market to explode to $53.64 billion by 2030. Meanwhile, Gartner estimates that by 2022, 60% of large enterprises and 90% of mid-sized enterprises globally will implement this authentication method in more than 50% of their use cases.
We still have a long way to go until passwords are obsolete and become a museum exhibit, but as biometric technology becomes more sophisticated and even more widely adopted, it’s only a matter of time until we can blissfully forget about remembering complicated passwords without compromising on security. In the meantime, there are simple ways all of us can “Be Cyber Smart” and keep our data safe without passwords raising our stress levels, including:
- Leverage a password manager to create strong passwords and store them in a secure location.
- Leverage multifactor authentication, as well as digital certificates for identity verification and secure communication.
Technology is only going to become even more integrated into our daily lives which is a gold mine for bad actors. As we look toward a password-less future, it’s up to you to do your part and #FortifyYourSecurity .
(The author is Mr. Ripu Bajwa, Director and General Manager, Data Protection Solutions, Dell Technologies, India and the views expressed in this article are his own)