By Kyle Kilcoyne • May 3, 2017

Just Say No: Time to Pass on Passwords

IT security leaders have long known that passwords are a nightmare, but now everybody seems to be catching on. A study performed by the Aite Group found that while consumers tend to be fairly comfortable dealing with passwords for the time being, 85 percent of respondents said they are aware of a need to move beyond the outdated method for user authentication.

The password problem

If that many consumers know that password protection isn't working, you better believe hackers do too, and financial services firms need to get ready for a deluge of attacks targeting passwords. A Verizon study found that 89 percent of cyberattacks involve either financial or espionage motivations. Furthermore, 63 percent of actual data breaches occur because hackers have taken advantage of passwords that are either weak, stolen or simply the default passwords used by an application.

Consider this dynamic for a moment - attacks on financial data are incredibly common, the majority of actual breaches happen because of poor passwords, and 85 percent of consumers acknowledge that passwords are getting outdated. If you aren't starting to move on from passwords, you may soon be facing a backlash from customers.

Not enough proof? A CSO Australia report summed the password problem up by explaining that any password that is complex enough to stymie attackers must be so complicated that users won't be able to remember it. Essentially, there is no way to put secure passwords in place without sacrificing the user experience.

Leaving passwords in the past

While the security industry has long been aware that passwords are problematic, the lack of intuitive, user-friendly alternatives has created a sense of complacency in the sector. This is changing. Biometrics are more accessible than ever. Mobile devices allow users to scan detailed images into their phones with ease. When combined, these sorts of technologies allow for robust identity management that can relegate passwords to irrelevance and allow for positive user experiences.

User authentication is at its best when using the most authoritative identification methods possible. This is why biometrics are so popular, and why presenting state-issued IDs is commonplace for in-person transactions. Financial services firms that want to match the simplified user authentication of an in-person interaction online can use digital identity management tools to process IDs over the web and confirm user identities. Leading identity management platforms can:

  • Pull biometric data from IDs to authenticate users
  • Identify unique markers on IDs to ensure they are genuine
  • Extract data and add it to forms to create a convenient user experience

A strong password becomes significantly less important - or entirely irrelevant - if your mobile app can process a user's driver's license. As consumers become more aware of the limitations of passwords, financial services firms offering strong alternatives can make them feel safe, give security teams new tools to protect data and simplify user experience design for development teams.