The death of the password

British consumers are increasingly using their digital identities for a range of activities in the online world, from sending emails to buying goods, to managing bank accounts and accessing government services. Until very recently, passwords were considered the de factor form of authentication, but this is all set to change.

According to Centrify, the average person has to remember 19 passwords for the digital services they use. Consumers don’t have the patience or time to remember randomised usernames and passwords, but traditional passwords also leave us exposed to risk.

>See also: 3 tips to help make and manage complex passwords

Unfortunately, consumers tend to pick easy to remember combinations that they repeat, making them vulnerable to hacks and resulting data breaches. We all want authentication that is quick, easy and secure – but passwords have clear limitations and the elements of what a password can contain and how frequently it must be changed have grown dramatically. This has led to significantly increased pain and friction with customers.

Memory is a thing of the past

The best way to secure our digital identities is to adopt multi-factor authentication. This works by presenting several separate pieces of information to an authentication mechanism. Typically this would include knowledge (specific information we know) and possession (something we physically have). Think of it as a bike chained to a railing – the bike belongs to the cyclist, but in order for the cyclist to unlock the bike, they must have access to the right key for the bike lock.

The cyclist must then choose the right key from their overcrowded keyring, which, like remembering multiple passwords, can be time consuming and frustrating. Imagine, though, a world where you had a master key that was always in your possession, which you could use to access not just your bike, but all the other services you need.

We are only at the beginning stages of how consumers can use their mobile phones for authentication. There is a clear need for a more sophisticated, yet simple, secure and convenient means of creating, managing and laying claim to digital identities. At the moment, the main emphasis is on developing services that offer consumer authentication and facilitate transactions.

>See also: Get ready for the cyber war in 2017: know your enemy

The GSMA has been working with operators and service providers in the UJ to deliver mobile authentication services via Mobile Connect, a convenient and secure universal log-in solution with privacy protection.

First, it solves the problem of the UK’s consumers being forced to remember a growing list of passwords and user IDs but additionally in tandem with solutions such as biometrics the possibilities are endless – from using your fingerprint to access your car, to using your iris as your passport.

The future

Already exciting solutions such as biometrics are tolling the death knell of the password. How do we implement such futuristic technology like biometrics into our daily lives? Luckily the answer is already in our hands: our mobile phone.

Smartphones already contain much of the technology that is required to make biometric authentication possible: touch screens, cameras and microphones for voice analysis. Mobiles also offer much higher levels of security because like the bike lock, only the user can access the authentication key.

>See also: Controlling your digital legacy 

Biometric authentication is already being used effectively by some of the world’s largest mobile manufacturers. Apple saw a striking increase in the number of users choosing to encrypt their devices once they made fingerprint access available. What consumers want is security and ease of use, which is exactly what mobile authentication provides.

Of course, as with any emerging technology, there are bound to be teething problems. Biometrics is no exception. Unlike passwords or PINs, facial and voice recognition require a well-lit space that is free of motion, vibration, or white noise. This can be a challenge in our modern lifestyles where we are constantly on the move.

Another challenge lies with interoperability, standardisation and the way biometric data is used. Mobile identity management services are of little or no value unless service providers, like third party website operators or app developers, want to actively deploy them within their services. The key to success lies with players throughout the mobile value chain and whether they are willing to embrace new technologies.

The potential impact that biometric authentication can have in the UK, and on the rest of the world, is huge. There can be no doubt that the days of the password are numbered and biometrics will play a key role in the future of mobile authentication.

>See also: Password ignorance will lead to cyber attacks

Given that smartphone connections will reach 690 million by 2020 in the UK alone2, consumers increasingly have the power to protect their digital identities safely and instantly in the palm of their hand.

It’s critical that the mobile operators continue to work closely with the rest of the mobile ecosystem to expedite the rollout of safe and instant authentication through biometrics. Only then can the UK’s mobile market reach its potential.

 

Sourced by Jaikishan Rajaraman, head of Technology, APAC at GSMA, the mobile industry’s body

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...

Related Topics

Password