Signalling The Death Of The Password

t;ldr: your 'secret' spreadsheet of passwords isn't just you | love it or hate it, there's a selfie culture and this can be used to a bank's advantage | today's technology is built for convenience and security, to help ditch the spreadsheets for good.
MYPINPAD AimBrain PSD2 SCA

In December 2015, London’s Daily Telegraph newspaper asked if AimBrain could finally kill the password. Six months on, it’s clear the days of passwords are coming to an end. They are outdated, insecure and unable to cope in this new era of technology. It’s not that we might find an alternative, it’s that an alternative exists today and users want it. Now.

Where do you keep your not-so-secret spreadsheet?

In fact, the very day I was introduced to AimBrain I could see how disruptive this would be. I called a mentor I have in New York to discuss the opportunity and he mentioned a ‘secret spreadsheet of passwords’ that he would love to get rid of. That’s when it dawned on me that we all had one. It’s impossible not to. Everything has a password and all reset at different intervals, all are different lengths and all require different formats.

And just last month (June 2016) news broke that Mr. Technology Guru himself, Mark Zuckerberg, had had his passwords stolen. If I needed more validation.

A question of balance

The balance all product providers are trying to achieve is increased security AND an increased customer experience. This includes the largest financial institutions in the world to the smallest apps. Let’s use one of our newest customers as an example. Dabbl represent a new wave of investment applications that want easy access for all, with state of the art security that enhances user experience rather than jeopardise it. They understand that simplified user access and flow is crucial and that people have had enough of things that should be simple being made over-complicated and inaccessible. They know they have a market leading product that can make investing something everyone can be a part of. Now they want to ensure people have a hassle free but secure experience when doing it.

Time to move on

So that leads us to question why companies still insist on password entry – even though the world is screaming out for change. Simply put there hasn’t been a secure enough alternative. Until advanced biometrics (such as facial, voice and behavioural authentication) became available the only widely available option was fingerprint (such as TouchID) and that has some widely documented weaknesses.

Let’s compare the example of facial authentication with fingerprint authentication as a case study.

Fingerprint faking, and the lure of convenience

The main issue, that has been very well documented, is how easy it is to fake a fingerprint. Type ‘how to fake a fingerprint’ into a search engine and you will get many examples offered. There is a very good BBC article on it here. As you will see in the article, even Apple refer to TouchID as a convenience feature and not a security feature. However facial authentication software will remove this weakness immediate – although does need enhanced security features such as ‘liveliness detection’ as standard (to make sure a picture or video isn’t used as an alternative to the real person).

Love or loathe selfies, they aren’t going anywhere soon

Secondly we need to consider the customer experience. Love or hate it, we have a ‘selfie culture’. It’s become the norm. Why wouldn’t you use this as a log on option? Especially if you want young people (the so called ‘Millennials’) to use your products and services.

Get smarter

For financial services companies there is also a wider and ‘omni-channel’ approach to consider. While fingerprint authentication is limited to a few devices that allow it, facial authentication can be used as a consistent authentication method in branches, ATM’s and any other channels. We even know some banks that want to use facial authentication in the online banking app before they are connected to the phone banking service.

So, in conclusion, fingerprint technology has some major weaknesses that have prevented it becoming a secure replacement for passwords. However, we now see a raft of new biometric methodologies that offer both increased security and improved customer experience that are disrupting the industry. We, at AimBrain, are certainly seeing huge traction as we discuss this in the market. After all, a ‘Saudi hacker’ (as the news reports blame), would find it much harder to steal Mark Zuckerberg’s face. And I want to get rid of my secret password spreadsheet.

Share on linkedin
LinkedIn
Share on twitter
Twitter
Share on facebook
Facebook
AimBrain - Simply Smarter Authentication