Why passwords will disappear (and what systems will replace them)

In 2017, Sarah *, an actress who lives in London, was a victim of the crime of identity theft.

“I came home one day and found a surprise in the mailbox,” he recalls.

“There were  two new credit cards that I had not requested and  a letter from a bank denying me another, which I did not request .”

She had to spend $ 200 on credit verification services to try to find out where the requests she had not made originated.

“And that is a lot of money and time.”

The  identity theft is ongoing  in Europe and other regions of the world.

In the United Kingdom, the Fraud Avoidance Credit Industry System (CIFAS), a nonprofit entity with representation from the public and private sector, registered 190,000 cases last year alone.

And that our lives are increasingly digital is a fertile field for those who are dedicated to stealing personal information.

But then how can we keep our digital identity secure?

Our first line of defense is often a password

However, it is not always the best option.

In April of this year, Facebook admitted that millions of passwords from Instagram user accounts were stored on their systems in a reading format that was vulnerable to attacks.

There was also a large-scale digital theft. Last year the Quora internet portal was hacked, compromising the names and emails of  100 million users .

Recently, Yahoo! A class action lawsuit for a massive hacking that affected some 3,000 million users between 2012 and 2016 resulted in an agreement of $ 117.5 million. Hackers were made with emails and passwords.

Nor was it surprising that Microsoft announced last year that the company is planning to  “kill”  the password and start using biometric data or a special security key to access their accounts.

The consultant in research technologies Gartner predicts that, by 2022, 60% of large brands and even medium-sized companies will reduce their dependence on passwords by half as an access method for their users.

“Passwords are the first thing hackers start with,” Jason Tooley, director of Veridium , a company dedicated to providing biometric authentication services , told the BBC  .

“People tend to use passwords that are easy to remember and that is why their systems are compromised,” he added.

The password verification system is considered by some analysts as obsolete.

Leaving that system aside is not only a step in improving security, it also saves time for technical support departments, which devote hours and hours to reset forgotten keys.

“The cost associated with the use of passwords is up to US $ 200 per employee, not including loss of productivity,” said Tooley.

“For a large organization with more than 1,000 employees, that is a huge cost,” he added.

New risks

Philip Black is the commercial director of  Post-Quantum , a company that designs powerful encryption systems to protect information.

He agrees that the keys and passwords are today the weak point of digital life.

“You have to  create and  use  so many keys that it becomes  somewhat unmanageable , so people end up using  the same code  for everything and that is what creates the vulnerability,” said Black.

A new set of European Union rules was designed to deal with the problem.

The Second Payment Services Directive (PSD2) requires businesses to use at least two ways to authenticate a user’s identity.

It can be through something that the client has in his possession (such as a bank card), something that only he knows (such as a PIN) or a characteristic of his own, including biometric data.

Although tokens, passwords and codes sent by text message have so far dominated this type of validation, interest in biometrics is increasing.

According to the bank fraud survey by  KPMG , in 2019, 67% of banks are investing in biometric measures such as fingerprints, voice patterns and facial recognition.

Biometrics offers a better consumer experience, but it has not had the expected development because it needs specialized equipment.

With the latest mobile phone models, many people already have the  necessary hardware  in their pockets.

An investigation done in the United Kingdom, for example, pointed out that one fifth of the country’s residents have a cell phone that can scan fingerprints. And that number is growing rapidly.

But even in that, the data is vulnerable

In September, Chinese researchers demonstrated at a conference in  Shanghai  that it was possible to obtain the fingerprints of someone with a photograph taken long distance.

Now, if it is difficult to reset a password, let’s try to change our fingerprint.