Nowadays everything online requires some form of account, from your online shopping retailer to your fast food delivery service. No matter what you’re trying to access, they all want your details and then a password to protect all that personal information.
Some companies are happy to relax when it comes to security and then others want a password with a flurry of various requirements such as a minimum character limit, maximum character limit, uppercase letters, lowercase letters, numbers, special characters, no blank spaces, and the password cannot have been used previously.
Once you’ve met those requirements, you find yourself with a password that is not only ridiculously hard to remember, but also relatively easy for a computer to guess via a brute-force attack, which is where a powerful computer attempts to guess your password by trying all the different combinations of characters until it is successful.
Some people argue that passwords are extremely outdated and that a new method of authentication must be found, but what would replace the mighty password and would it improve the process and security of our never-ending accounts?
The big tech giants have been trying to answer this question, with companies such as Google and Microsoft leading the way most recently. However, it is not a new concept: Bill Gates of Microsoft told us all the way back in 2004 that the password would be dying, a man ahead of his time for sure.
Some of the most recent advancements towards a password-less future include other methods of authentication that use biometric factors. One example is Apple, which recently launched the iPhone X, a phone that can be unlocked by having the user simply look at it. Unlocking a phone with a biometric isn’t something new to Apple though, as their iPhones have also had the ability to be unlocked by your fingerprint (another biometric factor) since 2013. Despite having these methods of locking down the device, it can all be bypassed by entering a PIN code, which the user must set up before they can use the biometric methods of authentication.
Another method that is being used by top tech companies such as Google and Microsoft is to use both something that the user knows (such as a password) and something that they know only the user has (such as a Barclays PINSentry, HSBC SecureKey, or a pre-registered mobile number / application). This method of authentication is called two-factor authentication because, you guessed it, it uses two different factors to authenticate you. Whilst this is a vast improvement on the sole password, it still has its problems and can cause headaches if one factor cannot be accessed. For example, if you’ve left your phone at home one day, it might mean no email access for you all day.
Another method of authentication which may be used in the future is single-use, temporary passwords. With this method you will get an email or SMS every time you try to log into the system, which would include your temporary password. The password generated would be random and could only be used once, to avoid unauthorised access. This method circumvents the issue of users creating easy-to-guess passwords, and also the issue of users writing their passwords down for other people to use. Seemingly like all authentication methods, it is flawed. For example, you could lose your phone, which would stop the SMS from being delivered to you, or, as is the case with a lot of phones these days, the temporary password could be read from your phone’s lock screen.
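As an added example (not part of the original article), here is a minimal sketch of how a server could issue and check the single-use temporary passwords described above. The six-digit format, five-minute lifetime, attempt limit and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed lifetime; the article does not specify one
MAX_ATTEMPTS = 5        # assumed limit on guesses against one issued code

# user -> {"digest": bytes, "expires": float, "attempts": int}
_pending = {}


def _digest(code):
    # Keep only a hash so the code itself is not stored in plaintext.
    return hashlib.sha256(code.encode()).digest()


def issue_code(user, now=None):
    """Create a random code for `user`; the caller delivers it by email or SMS."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.random()
    # Issuing a new code replaces any earlier one still pending for this user.
    _pending[user] = {"digest": _digest(code),
                      "expires": now + CODE_TTL_SECONDS,
                      "attempts": 0}
    return code


def verify_code(user, submitted, now=None):
    """Return True once for a correct, unexpired code; False otherwise."""
    now = time.time() if now is None else now
    entry = _pending.get(user)
    if entry is None:
        return False
    if now > entry["expires"] or entry["attempts"] >= MAX_ATTEMPTS:
        del _pending[user]  # expired or guessed too often: must request a new code
        return False
    entry["attempts"] += 1
    if hmac.compare_digest(entry["digest"], _digest(submitted)):
        del _pending[user]  # single use: a replay of the same code fails
        return True
    return False


if __name__ == "__main__":
    sent = issue_code("alice")
    print("first use:", verify_code("alice", sent))   # True
    print("replay:   ", verify_code("alice", sent))   # False
```

The attempt limit matters because a six-digit code has only a million possible values; without it, the code could be guessed within its lifetime.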
Another more futuristic attempt at killing the password is to use a method of authentication that you cannot replicate or share, and that is your heart rate. A company called Nymi has recently developed a bracelet that identifies a user based on their heart rate. This is possible because heartbeats, like fingerprints, are truly unique. It is not simply the number of beats per minute that is measured, but also other factors such as the position of your heart valves and the overall size of your heart, which together create the electrical signal the bracelet would use. One benefit of this method is that the bracelet would pick up the signal whenever required and you wouldn’t have to do anything such as type a password or press your finger on a scanner.
Despite these advancements we have made in password security, none of them bring the benefits and ease that the password currently provides, such as its simplicity to use and deploy. Due to this, I believe that many companies will be moving towards making the password more secure by implementing stronger character requirements, and the majority will be adopting two-factor authentication to ensure it is only authorised users who have access.
IT Support Coordinator