Cybersecurity firm MIRACL is urging organisations to replace passwords with “more secure, forward-thinking user authentication technology.”
The company has launched a campaign declaring today, June 23, as the first ‘Passwordless Day’. On would have been the 109th birthday of mathematician Alan Turing, MIRACL said the campaign brings attention “to the new realities of internet security and the opportunities we have to address them with solutions inspired by Turing’s work.”
“In theory, passwords are our best defence against somebody stealing our personal information. But in practice, they are a cumbersome obstacle to actually enjoying the internet,” says the firm.
“The rules of proper password keeping and the reality of our digital lives don’t match up. We’re told to use random passwords, change them consistently, and never repeat them. But who really does this? Real world password maintenance looks a lot like adding extra excl@mat1on p0int$ to the end of our current pa55words!
“Or worse yet, hitting the ‘remember my password’ button and relying on the magic of cookies until it’s finally time to hit the ‘forgot password’ button.”
As part of the campaign, MIRACL points out that no matter how careful an individual user is about their passwords, once they get into the hands of a digital business, they are immediately vulnerable.
“Usually passwords are stored all together in a single file behind layers of expensive security. But hackers have proven again and again that they can beat even the best traditional security infrastructure, leaving users vulnerable. All they have to do is say Open Sesame.”
It says there are decent password-related options like two-factor authentication that relies on separate hardware – but these options can be expensive and burdensome.
“We’ve all become conditioned for instant gratification in our digital lives – this can dissuade us from taking extra steps like signing up for 2FA, even if those steps can keep our data safer,” MIRACL notes.
MIRACL lists some alternatives to passwords.
Biometrics
Anybody with a newer mobile phone has likely experienced the magic of biometric authentication. The beauty of these options — which rely on recognition of each individual’s unique physical properties is that you can’t “forget” your own self; you are also hard to replicate. Biometric authentication can include recognition of fingerprints, faces, irises, voices, and even heartbeats.
Biometric authentication is fast and effective. Some users, however, might fear sharing their unique personal data with tech companies; and if compromised, that data presents an even bigger risk. You can change a password, but you cannot change your fingerprint.
Simple Multi-Factor Authentication
Multi-Factor Authentication (MFA) is exactly what it sounds like. Instead of just using a password to log in, you add a second “test.” Traditionally, that’s entering a one-time code sent by SMS or email; other times it can be entering an app and responding to a prompt. But, MFA doesn’t have to include a password or a second user step at all! The MFA process can also include biometrics or unique cryptography. A Zero-knowledge proof protocol allows users to prove their identity without actually sharing vulnerable information. In some cases all it takes is a 4-digit pin and the magic of a cryptographic token stored in a browser or mobile app.
