SecurityWorldMarket

24/02/2019

How do we say goodbye to passwords?

Paris, France

You’ve likely clicked that “forgot password” hyperlink far too many times to count. But industries have begun to respond to this consumer pain point by implementing secondary means of identification and in some cases replacing passwords altogether. Given these developments, a team from Idemia explores the question: what is the future of passwords?

With too many passwords to remember, we have adopted bad habits that render our tedious passwords useless. Combining security and convenience is crucial in public and private sectors alike. Constant innovation in biometrics and AI, and widespread adoption of the technologies, are changing user behaviour and paving the way towards a password-free world.

"More services, more passwords… By 2020, users will have as many as 200 passwords per person. At Idemia we are investigating ways towards a password-free world together with the mobile industry," says Mikael Breton, Mobile ID Solution Owner, Mobile Operators Business Unit at Idemia.

Passwords aren't enough.

Passwords are the most universal way to authenticate ourselves – requiring no specific equipment and providing a level of security that only the user should be able to unlock. Paradoxically, the password has become a victim of its own success. Instead of being the ultimate secret that protects us, passwords have become a hassle and often are no longer sufficient. By 2020, users will have as many as 200 passwords per person, leading many to adopt unsafe habits, such as using the same password for multiple sites (80% of millennials use the same password for all accounts) or creating overly-simplified passwords that are easy to hack. These unsafe habits render our passwords useless. And on top of it all, fraudsters are continuously inventing new ways to steal personal information.

Nicolas Raffin, Strategic Marketing & Innovation, Financial Institutions Business Unit, explains further. "For banks and online retailers, a seamless experience that facilitates access to services and transactions is critical. Cumbersome security measures yield high abandonment rates, which can negatively impact business. The combination of biometrics with risk-based authentication techniques creates a smoother experience. It’s time to say goodbye to passwords."

Multi-factor authentication

Our passwords grant us access to websites and services with varying levels of security requirements. While we can log in to certain websites, such as social media or email, using a claimed identity, i.e. without actually proving who we are, more secure services, such as banking or government sites, require a verified identity. In these situations, we must prove our identity with an official ID document at the enrollment phase in order to access these services. Service providers have also begun to integrate additional security measures such as multi-factor authentication, which means combining at least two of the following: something we know (a password), something we own (e.g. our smartphone) and something we are (our biometric data). While it adds another level of security and protects highly sensitive transactions, multi-factor authentication tends to complicate the user experience.

"Instead of being the ultimate secret that protects us, passwords have become a hassle and often are no longer sufficient. Governments, first and foremost, need to assure citizens that their identities are highly protected against fraud. Biometrics is the best way to combine high security and a seamless user experience," adds Grégory Kuhlmey, Digital business development manager, Public Security & Identity Business Unit at Idemia.

Crucially - security and convenience

Security and convenience are crucial in public and private sectors alike; however, how the two are prioritised can vary. Governments, first and foremost, need to assure citizens that their identities are highly protected against fraud. So, while they are willing to boost the convenience factor by digitising services, security remains of utmost importance. For banks, e-merchants and mobile operators, a seamless experience that facilitates access to services and transactions is critical. Cumbersome security measures yield high abandonment rates, which can negatively impact business.

In both these spheres, biometrics is the best way to combine high security and a seamless user experience. We’ve already seen it create a virtuous cycle in the early days of smartphones. When users grew tired of unlocking their phones with a PIN code, many chose to leave their devices – and data – unprotected. Convenience was the key to changing user habits. With the massive adoption of fingerprint scans, users began protecting their device, and themselves, once again.

In banking and e-commerce sectors, the combination of biometrics with risk-based authentication techniques creates an even smoother experience. In this scenario, users are asked to prove their identity only when the transaction presents a real risk – for instance, an unusual delivery address or a particularly expensive purchase. In this case, what more natural way to prove who they are than a quick selfie on their smartphone?

Deep Learning and AI

Advancements in Deep Learning and Artificial Intelligence (AI) algorithms can push the needle even further in the years to come. The mobile industry, for example, is investigating ways to make the authentication process even more invisible with context-based authentication. With explicit user consent, a service provider could for instance confirm a user’s identity by analysing their location and the unique way they swipe their smartphones – requiring zero additional effort on the part of users.

"Unsafe habits render our passwords useless and convenience is the key to changing user habits. We’ve already seen the use of biometrics create a virtuous cycle in the early days of smartphones with the massive adoption of fingerprint scans. In the foreseeable future, advancements in Deep Learning and Artificial Intelligence will create a safer and password-free digital world," says Sébastien Brangoulo, Biometric Products Director, Connected Objects Business Unit at Idemia.

A password-free world

According to the team at Idemia, in the foreseeable future, passwords will still exist for specific scenarios such as account recovery operations; however, their use will become significantly less common. In the coming years, as more devices integrate biometric and AI technologies, we could find ourselves in a (nearly) password-free world where your PC recognises you (and only you) when you sit at your desk and where phishing threats are long forgotten.

