by Bill Carey, Vice President of Marketing & Business Development at Siber Systems Inc.
Passwords have been the first line of defense for cyber security since the earliest days of the Internet, but predictions that new technologies will make passwords obsolete have been around almost as long. Despite that, passwords continue to confound expectations, showing surprising staying power as other options emerge. The reasons for this are simple: Passwords are more convenient, less expensive and more flexible than the alternatives.
As biometric options like iris and fingerprint scans came on the scene, many people envisioned a password-free future where users could log into networks or unlock devices in seconds with a quick scan. But as these technologies were deployed in the real world, they proved expensive, inconvenient and not quite as reliable or secure as advertised. For these reasons, consumer adoption has been slower than developers anticipated.
One of the key selling points for biometrics is that hackers can’t crack a biometric marker. But it turns out they can: As security firm FireEye demonstrated at a conference, biometric data can be intercepted before it reaches a device’s secure zone. It may also be possible to bypass iris scanners by holding high-resolution prints up to a security camera, as another security researcher claims.
Hacking is a serious and growing problem, and if the use of biometrics were a foolproof solution, there would be more support for widespread use. But the use of biometrics poses a new dilemma for companies that are dealing with a data breach. Currently, the first thing companies tell customers whose data has been exposed is to change their password. If biometric data has been compromised, customers have no recourse.
Hacking incidents result in the loss of hundreds of billions of dollars worldwide — not just at high-profile companies like Target, Home Depot and Sony Entertainment but also at small and mid-sized businesses as well as government organizations. Biometrics are clearly not a silver bullet solution, so what can people do to keep their data safe? Here are three tips:
1. Use stronger passwords.
Always use passwords that contain both uppercase and lowercase letters as well as numbers and symbols rather than words that can be found in the dictionary. For example, “F00tb@11” is a much stronger password than “football” and almost as easy to remember.
2. Use different passwords for every secure site and change them every 30-60 days.
It’s important to use separate passwords for each site so that a hacker who cracks the code at one site doesn’t get access to every site. Changing passwords frequently can also thwart hackers who have gained access to data and prevent the reselling of compromised passwords.
3. Consider multifactor authentication.
Multifactor authentication is the practice of using more than one type of security feature to protect data. It can include passwords and hardware or software tokens, security questions or biometric components. The use of multifactor authentication can significantly reduce vulnerability to hackers.
The humble password isn’t going anywhere any time soon, not with the problems plaguing would-be replacement technologies like fingerprint and iris scans and the rising threat of hacking worldwide. Companies that were counting on a silver-bullet solution to replace passwords should instead focus on strengthening their password practices and consider additional security options to take a multifactor authentication approach.
Businesses that resolve to use stronger passwords to protect their data will need to address employee challenges with remembering multiple complex passwords and the need for frequent changes. A good password manager solution can help: A well-designed password manager generates strong passwords and changes them for each site every time the user visits, but users only have to remember one master password.
But whether the company chooses a password manager solution or decides to go it alone, one thing is certain: Passwords are here to stay because they are an affordable, convenient and flexible solution. With that in mind, businesses that want to harden security should start by using better password practices to keep their data safe.
Bill Carey is Vice President of Marketing & Business Development at Siber Systems Inc., which offers the top-rated RoboForm Password Manager solution. Find out more about RoboForm at http://www.roboform.com/.