Yesterday, Britain’s National Cyber Security Council announced websites should allow customers to cut and paste passwords to access their accounts following new password guidance issued by The National Cyber Security Centre.
<p>Passwords are one of our biggest vulnerabilities – but this is not the consumer’s fault. The fault lies with the technology industry. In the last ten years, our shift to a digital economy has created the perfect automation infrastructure for attackers to abuse. It’s easier than ever for attackers to go on the dark web, pay for a database of breached passwords, and then have their software do its work, thousands of login attempts at a time. Put simply, no matter what we do, the numbers game won’t be in our favour. </p>
<p>This is a problem that the technology industry has created, so it’s up to us to find the solution – one strong and convenient enough to keep consumers safe and attackers out. While new password guidance like the NCSC’s announcement could work, moving from passwords to biometrics is an even better idea. </p>
<p>This means using facial, fingerprint or retinal features to confirm a user’s identity. Newer tools like behavioural biometrics could come in too: this technology could verify someone’s identity by looking at their behaviour – including the way they type, hold their phone, or the websites they visit – to create a unique digital fingerprint. In cases when physical biometrics may not be enough, behavioural biometrics can fill the missing gap.</p>
<p>Passwords are one of our biggest vulnerabilities – but this is not the consumer’s fault. The fault lies with the technology industry. In the last ten years, our shift to a digital economy has created the perfect automation infrastructure for attackers to abuse. It’s easier than ever for attackers to go on the dark web, pay for a database of breached passwords, and then have their software do its work, thousands of login attempts at a time. Put simply, no matter what we do, the numbers game won’t be in our favour. </p>
<p>This is a problem that the technology industry has created, so it’s up to us to find the solution – one strong and convenient enough to keep consumers safe and attackers out. While new password guidance like the NCSC’s announcement could work, moving from passwords to biometrics is an even better idea. </p>
<p>This means using facial, fingerprint or retinal features to confirm a user’s identity. Newer tools like behavioural biometrics could come in too: this technology could verify someone’s identity by looking at their behaviour – including the way they type, hold their phone, or the websites they visit – to create a unique digital fingerprint. In cases when physical biometrics may not be enough, behavioural biometrics can fill the missing gap.</p>