World Password Day: what alternatives?
World Password Day takes place every year on the first Thursday in May. It is a call to use strong passwords, ideally together with two-factor authentication, and to handle access data responsibly. Here are five alternatives to passwords.
Biometric authentication, "zero login" based on individual behavior patterns, microchip implants, login with brain waves ("brain password") and DNA-based authentication: these are the password alternatives named by cybersecurity experts from BullGuard.
The password risk
Major hacks or data leaks in which millions of data records, including passwords, are disclosed or stolen are not uncommon. The illegal market for access data and passwords is flourishing on the darknet. One popular way of abusing other people's data is called "credential stuffing": email addresses and passwords are automatically tried out on popular online platforms with special software until a hit is made. Does this mean the end of the password in the long term? How will people authenticate themselves in five years? Some alternative methods of secure login already exist today, and research is constantly finding new ways and possibilities. The five alternatives to the password are presented below:
- Biometric data
Retina scanners, fingerprint sensors, and voice and face recognition are now the most common applications of ID authentication. The most widespread is enrollment via fingerprint and facial recognition. For example, it is already possible with some financial service providers to link a selfie with a debit or credit card. However, biometric authentication has a crucial weakness: everyone has only one face, two retinas and ten fingerprints at their disposal. These are effectively the password, and they cannot be reset if compromised. In 2015, for example, a database containing the fingerprints of 5.6 million U.S. federal employees was hacked.
- Zero login
Zero login is the use of unique behavioral characteristics such as individual typing patterns, the pressure applied to the screen or buttons, and location and occupation to verify identity. Based on these characteristics, users gain access to applications and online services without actively logging in. Only if a pattern differs from the user's own will the device ask for a password or other authentication. One problem here is knowing whether the logout was successful. It is also unclear where the collected behavioral data is stored and how it is protected.
- Microchip implants
Implanting a microchip under your skin that corresponds to a password or key is not a new idea. But recently, a few companies have started offering this option to their employees. Passwords and keys become obsolete with the microchip. Doors, as well as computers, can be opened or operated by scanning the chipped hand.
- Brain password
The "brain password" is a digital representation of brain activity recorded while viewing a series of different images and objects. First, passport data, fingerprints or a facial scan are requested for identification. Then, brain activity in response to specific stimuli is measured using sensors. This results in a unique brain structure that represents the brain password, one that is unique and non-replicable.
- DNA identification
Identification by DNA is also realistic: in Qatar and Estonia, DNA data of citizens are already collected to detect and prevent potential health problems. On social media platforms like OpenSNP, users publicly share their DNA for scientific purposes. Using personal DNA as a feature for authentication is therefore no longer a long way off.
Alternatives: the problem remains practically the same
At this point in time, it is unclear which of the alternatives presented will prevail. But it is already clear that all of them have one crucial flaw: there is no guarantee that the data is stored securely and protected from hacker attacks. So the problem remains the same. The only difference is that it is almost impossible to imitate the new authentication methods.
Paul Lipman, CEO of BullGuard, expects the importance of biometric features to grow: "Passwords will continue to play a role in the future. However, they will be supplemented by other security features such as biometric identification and two-factor authentication."
A separate password for each account
Even if additional security levels are added in the future, the high requirements for passwords remain. It is therefore still important to choose a strong password for each account and to change it regularly. A good password comprises at least ten characters and is a hard-to-guess combination of numbers, letters and symbols. World Password Day is therefore justified even in times of fingerprints and facial recognition.
Source: BullGuard
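The credential stuffing pattern described under "The password risk" leaves a recognizable trace in login logs: one source trying many different accounts with mostly failed attempts. The following is an added example for defenders, not part of the original article or BullGuard's material; the function name, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, email, success). Not real data.
SAMPLE_EVENTS = (
    # One source walking through a list of accounts, with a single hit.
    [("203.0.113.7", f"user{i}@example.com", i == 3) for i in range(8)]
    # One person mistyping a password twice, then succeeding.
    + [("198.51.100.20", "alice@example.com", ok) for ok in (False, False, True)]
    # A shared office address: several accounts, all logins succeed.
    + [("192.0.2.50", f"staff{i}@example.com", True) for i in range(5)]
)


def find_stuffing_sources(events, min_accounts=5, max_success_rate=0.2):
    """Flag sources that try many distinct accounts with mostly failed logins.

    Thresholds are illustrative assumptions and need tuning per platform.
    """
    per_source = defaultdict(
        lambda: {"accounts": set(), "attempts": 0, "hits": set()}
    )
    for ip, email, ok in events:
        stats = per_source[ip]
        account = email.lower()
        stats["accounts"].add(account)
        stats["attempts"] += 1
        if ok:
            stats["hits"].add(account)

    flagged = {}
    for ip, stats in per_source.items():
        success_rate = len(stats["hits"]) / stats["attempts"]
        many_accounts = len(stats["accounts"]) >= min_accounts
        if many_accounts and success_rate <= max_success_rate:
            flagged[ip] = {
                "accounts_tried": len(stats["accounts"]),
                "attempts": stats["attempts"],
                # Accounts where the tried password worked: force a reset.
                "accounts_to_reset": sorted(stats["hits"]),
            }
    return flagged


if __name__ == "__main__":
    for ip, report in find_stuffing_sources(SAMPLE_EVENTS).items():
        print(ip, report)
```

The accounts listed under `accounts_to_reset` are the "hits" the article mentions; a separate password for each account keeps a hit on one platform from working on another.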