Imagine that it is the year 2050 and a group of schoolchildren are visiting a museum exhibit as part of “Cybersecurity Awareness Month”. Suddenly, a student asks his teacher “what’s that?” as he points to a strange combination of letters, symbols, and numbers. “Oh, that’s a password. Your parents used them to access their devices and apps. They have since become extinct,” replies the professor.
Passwords extinct? How did we get to that? The answer is simple: through biometrics and digital certificates.
The password challenge
Let’s not get too far ahead of ourselves. Instead, let’s go back to the year 2022.
Password overload is a hassle, let alone creating and remembering strong passwords that meet specific requirements. According to the Dell Technologies Biometric Usage Study, creating, remembering and regularly changing passwords is considered “an annoyance” for 62% of workers in the United States. Another Dell study, Brain on Tech, found that when users around the world were presented with a long, difficult password to gain access to a computer under time pressure, their stress increased by 31% in five seconds…and increasing. even after users successfully logged in.
These results reinforce that, for most of us, good password hygiene is not a priority: it is, instead, a hassle. Whether it’s reusing the same password repeatedly, using weak passwords, or writing it on a sticky note, many of us do exactly what we’ve been told not to do.
Worryingly, these behaviors aren’t just reserved for working adults. A recent study by the US Department of Commerce’s National Institute for Standards and Technology explored what students know about passwords and how they use them. The results showed that elementary school students learn and understand the best password practices, but still show poor behavior when executing them. Once children enter their teens, many begin to share passwords to build friendships and trust.
So if most people understand the importance of good password hygiene, but no one feels compelled to practice it, where do we go?
biometrics
The idea of using biometrics to identify an individual is centuries old. There is evidence that fingerprints were used as a mark of a person as early as 500 BC and that biometric technology existed for several decades before that. However, it wasn’t until the early 2000s that this technology really started to appear in mainstream devices, and by now most of us are familiar with using biometrics to unlock devices and apps. What seemed like a novelty a few years ago, looking at the smartphone to unlock it, has become commonplace.
As biometrics continue to gain popularity as a convenient and secure way of automatic user recognition, the traditional password will become much less attractive to consumers and businesses. In addition, there are increasing advances in sensor technology and the use of AI-based matching algorithms. This improves the user experience and increases security.
Fingerprint readers and facial recognition are now available on leading enterprise laptops and are used as part of a multi-factor authentication solution, giving users more secure ways to access their devices, apps and data. than passwords, which are easy to compromise. In fact, the aforementioned Biometric Usage Study found that in US companies with availability of biometrically secured computers, around 80% of employees say they use the feature and 64% say they would use it if offered. And that’s not just for convenience—workers also believe those features could help keep company data secure. This, in turn, increases IT administrators’ confidence that the devices and users on their network are authentic.
You are probably wondering why the use of biometrics is more secure than passwords? Passwords are a string of characters that are validated by a website or service to allow a user access. Strong passwords are designed to be difficult to guess or replicate, but even the most complex ones can be stolen or compromised. To secure user identities, the use of multi-factor authentication for user access is increasingly required. Biometrics plays a critical role in multifactor authentication, as it is the most difficult of the three possible authentication factors to replicate. These factors are: something you know (password or PIN), something you have (device or security token), and something you are (fingerprint or face). Pairing authentication with a user’s biometric match creates the most difficult scenario for a cybercriminal to duplicate. Once local authentication is done, a secure digital certificate is released to the website or service for user authorization.
Coupled with people’s willingness to embrace biometrics in their work teams, there is a real opportunity for this technology to continue to grow, especially as Gen Z enters the workforce. These digital natives have grown accustomed to using fingerprint readers or facial recognition on their smartphones and probably wouldn’t think twice about using the same technology on their computers and other devices. It’s time for organizations to reassess how they manage security on work devices and consider incorporating biometrics for their next PC refresh cycle.
Until then
We still have a way to go until passwords are obsolete and a museum exhibit, but in the meantime there are simple ways to keep your data safe without passwords increasing your stress levels such as using a password manager to create strong passwords and store them in a safe place. And take advantage of multi-factor authentication as well as digital certificates for identity verification and secure communication.
