Is it time to ditch passwords for biometrics?

Are passwords dead? We know they’re a top target for hackers but do biometrics really offer a valid solution? Here we take a closer look.

Microsoft recently announced its ambitions to move away from passwords and towards biometric security for identification and authentication. 90% of the company’s 135,000-strong workforce can now reportedly log into the company’s corporate network without passwords, instead using biometric technology, such as facial recognition or fingerprint scanning.

And Microsoft isn’t the only place where the use of biometrics as a method of authentication can be seen to be growing. The technology is steadily increasing in popularity, from smart devices that can be activated using fingerprints or facial ID, to banks and other institutions now using voice recognition software.

When compared to passwords, the benefits of biometrics are clear. As they focus on biological characteristics, rather than the need to enter a random sequence of numbers and letters, they cannot be forgotten, stolen or forged (in theory anyway).

However, no system is fool proof and a new report from Experian has predicted that in the coming year, cyberattacks will focus on biometric hacking and expose vulnerabilities.

So, while biometrics present an opportunity, we’re not quite there yet and there is still the issue of how to make biometrics work alongside all the apps people need to log into. Accessing a single computer or phone is one thing, but other platforms then need to be accessed via the internet……and we’re back to using passwords again!

The big problem with passwords

One of the main problems with passwords is that they are such a pain to manage and keep safe. Password policies are also becoming more and more complex. Many systems now require lengthy passwords that include capitals, numbers and symbols. These can prove difficult to remember, which can lead individuals to use something familiar.

If you consider that the average worker needs to keep track of an average 191 passwords and that 61% admit to using the same or a similar password everywhere, the opportunity for hackers becomes clear.

A government report has revealed that nearly half the businesses in the UK fell victim to cyberattacks or security breaches in the last year and while there are a number of reasons that can happen, the ability for passwords to be hacked is often high on the list.

So, while we’re waiting for a more effective solution, what can we do about password security right now?

 3 easy steps for better business password security

 1.   Use a password manager

Password managers store the login information for all the websites you use and help you log into them automatically. They also help you generate and save strong, unique passwords when you sign up to new websites. Your information is encrypted and all you need to do is to remember one password – the master password. There are a few options out there and among the most highly rated are LastPass and 1Password. Whatever option you go for, it’s also important to keep software updated and to use antivirus software to keep your computer protected against threats.

 2.   Use multi-factor authentication

Password security can be greatly bolstered by adding in extra layers of checks, by using multi-factor authentication. For example, if you use a payment platform such as PayPal, then you may be asked if you wish to add a mobile number. If you opt for multi-factor authentication then to login and authorise a payment being made, you will not only need to enter your email address and password, you’ll also need to enter a code that is sent by text to your phone.

 3.   Educate employees on the risks

Employees and their use of passwords (and awareness of other threats such as phishing emails) is a high-risk area for most companies, which is why cybersecurity remains one of the key issues on the corporate agenda. Even the most comprehensive security systems and processes can be infiltrated if gaps are opened up by misuse. One of the best ways to combat this is to introduce regular training and awareness sessions for employees, to help them stay up to date on potential threats and how they should deal with them. This should include support for using and managing passwords securely.

For more advice on enhancing password security for your business, see: Do I need a company password policy?

Don’t let your company be an easy target. Contact the Dragon IS team on 0330 363 0055.