Up until five years ago, the most common password was, well, “password.” Since then, it’s been “123456.” With passwords like that, it wouldn’t take a genius to hack into your account.
(By the way, if you use either or both of the aforementioned passwords, you’d best change them. Now. Consider this a public service announcement.)
Personally, I can’t really blame people for choosing rather weak passwords. With all the things we have to bear in mind every day, it’s all too easy for us to forget a strong-alphanumeric-password-with-so-many-bells-and-whistles-that-it-looks-like-a-curse-word (P*t@n9in4, anyone?) when we’re already in a rush to carry out a bank transaction or log in to our work computers.
Besides, passwords can be inherently insecure to begin with. Sure, just about every company in the world uses them to verify customers’ identities, but they’re incredibly susceptible to various extraction methods. Some hackers leverage weak passwords that are all too easy to guess, impersonate targets to gain their log-in details, or simply open up someone’s drawer at work to find that Post-It note containing their account info.
We haven’t even talked about malware programs that exploit the security weaknesses in operating systems and thus compromise the security of countless accounts.
Fortunately, there are now a handful of password alternatives making the rounds. Here are a few you may already have encountered:
1. Biometrics.
Apple’s Touch ID allows iPhone users to access their phones or purchase apps using their fingerprints rather than typing in a four-digit passcode. And thanks to a very embarrassing incident involving a Philippine labor undersecretary caught stealing a congressman’s spanking new iPhone X (I *wish* I was kidding), we now know that the company’s latest smartphones employ facial recognition software as well.
The beauty of biometrics is that it relies on the user’s unique biology for authentication rather than on information that can be easily lost or misplaced. You can’t exactly lose your fingerprints that easily, can you? Neither can they be hacked in the same way other authenticators can be, and what can be easier than pressing the tip of your finger to the home button on your phone or holding your phone’s camera up to your face?
This option isn’t without considerable drawbacks, however. For one, biometric security can be prohibitively expensive, especially on a mass-market scale. Accuracy issues have also come into play; some of the early facial recognition users reported having difficulty accessing their devices after considerable weight gain/loss. Thus, some authorities have advised against using biometrics as a lone method of authentication.
2. Phone-based Authenticators.
If you’ve logged in to your Yahoo Mail inbox recently, you may have been offered the option to use account push key notifications instead of a password to access your account. Basically, you get a notification on your phone, which prompts you to confirm your log-in with only the push of a button. Easy-peasy.
Another sort of phone-based authenticator is the one-time password. A good example is the sort that shows up in your phone’s inbox when you try to make an online purchase using your credit card.
The advantage of phone-based authenticators is that they don’t require users to remember anything and are pretty convenient since we tend to have our smartphones on our person often. The downside, apart from being rendered helpless if your phone is lost or stolen, is that SMS messages themselves can be hacked and intercepted.
Then there’s the fact that being in a place with an unreliable signal can delay or even hinder your access when you’re unable to retrieve your one-time password.
3. Security Tokens.
These can be categorized as either soft or hard. The former are very similar to the one-time passwords mentioned in the previous item, and make use of the clock on the user’s smartphone and an algorithm contained in an app installed on the device.
Hard tokens are more tangible, with some taking the form of wearable ring-tokens that can be synced with one’s gadgets so the user can utilize them to do everything from unlocking computers to authorizing credit card purchases. These eliminate the need for passwords, yes, but they can be quite pricey to deploy as each user would need their own gadget. Furthermore, a hard token would be one more device you’d need to safeguard from loss or theft.
It’s important for any business to keep up with the times, and it’s quite clear that passwords will soon go the way of the typewriter or, to be more up-to-date, Yahoo Messenger: quaint yet obsolete.
The good news is that companies have enough time to explore their options, such as the ones mentioned above, and to eventually choose which one would best suit their needs, along with those of their customers.