If you’ve broken up after sharing an HBO Go login, you understand the problems with passwords. Maybe you were the magnanimous one who shared the login info. If so, you may have changed it out of spite (or a respect for good password practices).
But maybe you didn’t. Then your ex shared the login info with Alex – after all, Alex needed to catch up on John Oliver. And Alex’s roommate Sarah was dying to revisit GoT, so of course, Alex texted her the login info. Does it stop there?
It doesn’t. It won’t. And it’s why biometrics matter.
The Password Problem
The HBO Go scenario captures a critical issue with passwords: Namely, that passwords can be shared. That sounds convenient, but it’s also what makes them so easy to use them for nefarious purposes. If an asset can be co-opted by someone else, you can guarantee that hackers will pursue it.
Since passwords can be shared, they can also be stolen, which is why infrastructures that rely on passwords can be porous. When a person shares a password with someone else – particularly if the recipient’s password practices are poor – the sharer is weakening their own security. A password doesn’t prove that the authorized user is the same as the one logging in. It’s just a bit of information, and whoever has it has the access of an authorized user.
Save Tokens for the Arcade
The weakness of passwords has led some teams to implement tokens as part of their cybersecurity strategy. The problem is that tokens aren’t that much more secure. It is slightly harder for a hacker to get access to someone’s token, and tokens do require less server space. But a token system is expensive to implement, and managing it is time-consuming for the IT team.
Moreover, adding another “rung to the ladder” doesn’t necessarily improve a system’s security. Multi factor authentication is touted as good practice for logging in not because of the additional step(s). It’s because it does a better job of authenticating identity than a username and password.
The Key to Robust Security
Human behavior is what makes passwords ineffective, but human features are the key to secure authentication.
Hypothetically, one could steal or spoof biometric data as well, but going about it is much harder thanks to the uniqueness of biometric identifiers. Additionally, biometric technology is quickly improving its defenses against spoofing or credential theft.
But most importantly, biometrics are inherently safer than passwords because they eliminate most of the fundamental issues with them. Their uniqueness means that you’ll truly be the only one that uses them. Plus, they fit in seamlessly as part of a multi factor authentication system. Adding a step to biometrically authenticate is relatively quick, and the technology is only getting faster and easier to use.
With most types of technology, users have to make compromises. But biometrics offer convenience, security, and easy integration into existing security systems. If this is compromising, then compromising looks an awful lot like having it all.