The password is the necessary inconvenience that separates the user from nightmare and absolute chaos: private or banking data falling into the hands of others can become a real problem with unforeseen consequences. The unstoppable rise in attacks using phishing techniques forces users to choose increasingly complex passwords and to protect them with essential two-factor verification. What used to be merely annoying can now become a real adventure of mobile codes, add-ons and all kinds of tricks with which systems verify the user's identity and prevent a multitude of attacks. The great news is that passwords could finally become a bad memory and give way to a much more comfortable and secure system: biometrics.
Apple, Google and Microsoft have agreed to implement in their respective browsers the passwordless system proposed by the FIDO consortium. This body, created in 2013 by various companies in the technology sector with the aim of “solving the problem of passwords in the world”, has announced that Google, Apple and Microsoft have reached an agreement whereby they commit to moving beyond passwords. Although this headline does not translate into anything tangible for now, it represents a giant step in a challenge that began to be seriously raised in 2016. The sector agrees on the problem: passwords are, today, a burden for the user and the industry.
Biometrics, easy, convenient and very secure
The difficulty of managing passwords means that a good share of users choose to repeat the same sequence for every login. A recent study carried out by Panda Security has revealed that a third of users repeat the same password (or use it with minor alterations). The danger is obvious: if a cyberattacker gets hold of the password for one site and it is repeated elsewhere, they will be able to access the rest of the user's profiles, multiplying the damage. But this is only the tip of the iceberg, since human beings tend to economize their effort and want this management to be comfortable: “Most of us trust things that we can remember”, explains Tyler Moffitt, security analyst at OpenText, “such as a date of birth or the name of our pets. While these options make it easier for us to remember them, they also make it much easier for a cybercriminal to discover them.”
In this sense, the consensus in the sector is to move beyond passwords and evolve towards biometrics, the safest and most convenient way to access a profile. If you are wondering what exactly that is, statistics suggest that you are already, unknowingly, a user of some biometric system. Does your mobile have a fingerprint sensor? Or a face reader? If so, you are already taking advantage of a system based on biometrics. And what FIDO proposes goes precisely in this direction. “The FIDO passwordless identification standards are already being used in billions of browsers around the world,” Andrew Shikiar, executive director of the alliance, explains to EL PAÍS. However, Shikiar explains that it is “a journey, not a sprint”, in which “many challenges” posed by the hardware itself and by ease of use must be faced.
A “slow death” of passwords
However, the wait will be worth it. “The user experience accessing web pages and applications will be similar to the one enjoyed when unlocking the mobile,” explains Shikiar. That is, it will be enough to look at the screen or place your finger on the mobile to gain access, for example, to the bank’s website. This passwordless scheme relies on a second trusted device that acts as a “key” for the rest; a smart and useful way to avoid phishing scams. In this sense, two-factor verification (the kind that requires entering a temporary code sent to the mobile or generated by it) is increasingly being compromised, and eliminating its use “cuts off at the root the first attack vectors”,
Biometrics is the ideal solution because it marries ease and convenience of use with security. “It is based on the three basic principles of security: something I know (a password), something I have (a card or mobile) and something I am (fingerprint or iris)”, explains José María Avalos, an expert in cybersecurity and director at BeDisruptive. A priori, the solution is perfect, but Avalos warns that the next challenge will be to know “how these biometric data are stored”, since cyber attackers do not rest. When will we see the real demise of passwords? As the executive director of FIDO has warned, it will be gradual and, possibly, the user will not even notice, but the days of passwords are now numbered.