The password is a necessary inconvenience. It separates us from the nightmare of our private data falling into the wrong hands. The ongoing increase in phishing attacks has made it necessary for users to use more complex passwords and protect accounts with two-factor verification. What used to just be annoying has now become a convoluted system of text message codes, secret questions and other tricks to verify the user’s identity and prevent attacks. But passwords could finally become a bad memory, giving way to a much more user-friendly and secure system: biometrics.
Apple, Google and Microsoft have all agreed to implement the password-less system proposed by the FIDO Alliance. The body, created by various technology companies in 2013 with the aim of “reducing the world’s reliance on passwords,” has announced that the three companies have committed to phasing out passwords. Although the agreement has yet to materialize into anything tangible, it represents a giant step in a challenge that the sector began to take seriously in 2016. The companies agree on the problem: passwords are a burden for the user and the industry.
Biometrics: easy, convenient and very secure
Because passwords are so difficult to manage, many users choose to repeat the same sequence for all accounts. A recent study carried out by Panda Security reveals that a third of users repeat the same password, sometimes with minor alterations. The danger is obvious: if a cyberattacker gets hold of one account password that is used for other sites, they can access the rest of the user’s profiles. But that is only the tip of the iceberg. “Most of us trust things that we can remember,” explains Tyler Moffitt, security analyst at OpenText, “like a birthday or the name of our pets. While these options make it easier for us to remember them, they also make it much easier for a cybercriminal to discover them.”
The consensus in the sector is to move towards biometrics, the safest and most convenient way to access a profile. If your cell phone has a fingerprint sensor or a facial reader, you are already using a biometrics system. “The FIDO passwordless identification standards are already being used in billions of browsers around the world,” Andrew Shikiar, executive director of the alliance, explains to EL PAÍS. However, he explains that it is “a journey, not a sprint” that involves “many challenges” to be resolved.
A “slow death” of passwords
The wait will be worth it. “The user experience for accessing web pages and applications will be similar to unlocking a cell phone,” explains Shikiar. That is, it will suffice to look at the screen or place your finger on the mobile to gain access, for example, to a bank’s website. The new paradigm will be supported by a second trusted device that acts as a “key” for the rest. Two-factor verification will also soon become obsolete.
Biometrics marries both convenience and security. “It is based on the three basic principles of security: something I know, a password; something I have, a card or mobile; and something I am, a fingerprint or iris,” explains José María Avalos, an expert in cybersecurity and director at BeDisruptive. The solution seems perfect, but Avalos warns that the next challenge will be to know “how biometric data is stored.” So when will we see the demise of passwords? As FIDO’s executive director has warned, the disappearance will be gradual, but passwords’ days are numbered.