World Password Day is this Thursday, May 2, but everyone knows the damage that weak passwords can cause. Why not use this day to talk about how other forms of authentication — like MFA, biometrics and behavioral analysis– can better protect consumers against fraud?
OneSpan recently commissioned a study of top financial institutions regarding passwords and other authentication practices. It found that:
– 96% of organizations still rely on legacy processes tied to usernames and passwords for authentication
– 44% are challenged by the use of legitimate credentials (exposed in data breaches) in account takeover attempts
-60% of respondents plan to invest in new multifactor authentication technologies in 2019, including those based on biometrics and AI/machine learning
Experts Comments:
Will LaSala, Director of Security Solutions, Security Evangelist at OneSpan:
For example, financial institutions today can look at situations and say, “This is an odd time for this person to do a transaction,” or “It’s an odd transaction.” The landscape for authentication has changed, and the number of data points have increased dramatically. These advancements in technology allow institutions to reduce false positives, identify fraud that they weren’t catching in real time and achieve those mutual goals.
Every transaction requires the same level of risk-based analysis. And that’s the promise of the latest innovations in adaptive authentication – that it will provide the precise level of security to the transaction at the right time. At a time when security controls have matured, and when artificial intelligence and machine learning are fueling a new era of effective analytics, banking and security leaders no longer need to choose between customer convenience and security. They can get both.”
Michael Magrath, Director of Global Standards & Regulations at OneSpan:
Unlike passwords, modern authentication technologies include “privacy by design” as the foundation. Standards-based authenticators including the FIDO Alliance balance usability with security while protecting privacy. FIDO’s specifications use public key cryptography enabling stronger authentication. When using a FIDO certified authentication, the user’s device creates a key pair. The private key remains secure in their device and registers the public key with the online service. Unlike passwords, no secrets are generated on the server side with user verification occurring locally at the authenticator whether that is a token smartphone or biometric. Moreover, unlike big databases, biometric data, if used, such as fingerprints or facial recognition never leave the device. Adoption of strong authentication is expected to become widely adopted at the consumer level, with WebAuthn, an official web standard, currently supported in Windows 10 and Android platforms, and Chrome, Edge, Firefox, with Safari expected to support it in the near future.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.