Never-ending headlines about hacks and data breaches have cast a shadow over passwords, with many experts advocating the use of biometric authentication instead. We look at the latest developments.
I remember the first time I had to pick a username and password combination. It was for our home internet service. For my username I went with a nickname I had at the time and a reference to the football team I support. For the password I went with… exactly the same thing. Easy to remember, I thought, so why not?
Nowadays, password security has evolved to stop such bad practices. But plenty remain. SplashData’s analysis of passwords, gathered from data breaches in Western Europe and the US, shows that ‘123456’ is the most popular password, followed by ‘password’. The rest of the top 10 is made up of numbers and simple words such as ‘football’ or ‘welcome’.
In addition, more than a quarter of UK workers admit to using the same password for personal and corporate accounts and, according to a survey by identity management company LastPass, 61% of all users admit to using the same password for multiple services. Password reuse has directly led to a number of data breaches, with the theft of more than 60 million Dropbox user credentials being one of the most famous cases.
Moving away from passwords
There’s a feeling in the security industry that passwords are no longer a sufficient way to protect online accounts and services. Increasingly, we cannot rely on companies to adequately protect our passwords, and the issue with reuse means that, when one service falls, hackers can use the stolen passwords to break into others.
Advances in online security mean we’re increasingly using something far more secure than passwords – something that is unique to each individual and cannot easily be faked. Biometric authentication is gaining a lot of traction. The most popular forms are fingerprint and retina scans, but there are other biometric options – such as iris recognition and finger vein identification – for secure sign-on to services.
Some tech companies have even introduced fingerprint readers on their devices, including many of Lenovo’s ThinkPads. This means users can unlock them by running a digit over a sensor instead of entering a code.
MasterCard has taken this concept one step further with the introduction of ‘selfie pay’. The app takes a picture of the user and digitises it, and then compares that stored version to the live ‘selfie’ the user takes when they want to purchase something online. However, for those of us horrified at the prospect of using a selfie as authentication, the app also allows fingerprints to be used.
Biometric authentication isn’t a new concept, but the continued weakness of passwords as a way of protecting data means it’s more a necessity than an optional tool.