Stolen passwords and weak passwords are responsible for over 80% of security breaches in 2018, and in 2019 over 150,000 security incidents and nearly 4,000 confirmed data breaches were caused due to weak or stolen passwords. Passwords are some of the weakest forms of authentication, and when user authentication is not secure, cybercriminals have easy access to take whatever information they want.
Creating the perfect authentication method does not include just security, but also user convenience. Passwords and security questions are a very weak form of authentication as it leans on ‘shared secret’ between a service provider and a user. This also makes the user responsible for protecting and remembering multiple passwords at once, and with security questions, answers to those questions can commonly be found readily available on the user’s social media, rendering them nearly useless. A more secure way of authentication is to call a registered number to confirm a user’s identity, but this is not perfect as it requires a user to have a phone at the ready, and phone calls can be easily intercepted and redirected. Time based one use passwords are sent through a push notification, SMS message, or through an email. Codes sent expire after a short time, meaning even if they are compromised, the code can not be used. This form of authentication is more secure, but is still vulnerable to SIM hijacking, malware, and notification flooding attacks. Biometrics are some of the most secure types of authentication – though the tech utilizing it is still not perfect and can suffer from false positives. Biometrics are also some of the most convenient form of authentication as you always have your DNA, fingerprints, or face at the ready, and you do not need to remember a password.
Learn more about a guide to authentication methods and how the future without passwords is becoming a reality here:
