We are forever hearing about how our passwords are too weak and how by not having a complex password acting as a gatekeeper to our digital lives means we are opening ourselves up to cybercrime.
But despite overwhelming evidence of users and companies being easily exploited because of poor password practice, a worryingly large amount of people still do not take any corrective action.
We just have to look at the Ashley Madison hack to see just how lax people have become when it comes to creating passwords. When a research firm decrypted and analysed more than 11 million usernames and passwords on the Ashley Madison site, it found that the top three user passwords were ‘123456’, ‘12345’ and ‘password’. In fact, over 120,000 users chose ‘123456’ as their password to access the site.
Evidently there is a need, not only for better education about best password security practices, but also more personalised password protection.
The password problem
Today, people want to increasingly manage their lives on the go. In fact, European mobile users have an average of 26 apps on their phones and over half access social networking sites on these devices every day. Remembering the complex passwords and multiple user names to log into these various applications is where the password problem begins, especially when you consider that we are continuously reminded that passwords need to be a certain length and include various special characters. Given that the average consumer has around 25 passwords to remember, this gets complicated.
Therefore, it isn’t that surprising that recent Intel Security research found that one in three Brits do not even have the most basic password protection on their smartphones. It’s another hassle for those who want to get their day-to-day activities done as quickly as possible. But by not embracing passwords properly, users are setting themselves up for a fall. You only have to read the news to hear about the latest hacks on companies and individuals whose data becomes available for public viewing.
Passwords are the strongest gatekeepers to keeping your personal information exactly that - personal. So our trust in our passwords to keep hackers at bay needs to be the strongest it can be, especially in today’s threat landscape, and who better to trust to protect your personal data than yourself?
The trust factor
Biometric technology has been in the security spotlight plenty this year as a solution to this ever growing password problem. The authentication technology allows users to unlock apps, websites and devices using things unique to them, such as the distance between their nose and eyes, and instantly removes the hassle of having to remember complex passwords.
Essentially, with this biometric technology, you become the password and this not only makes accessing our digital lives much easier, it also makes it a lot more secure. A lot more secure than ‘123456’, that’s for sure, especially because the user is in complete control of their personal data and it can only be accessed by them and their defining features.
Biometric passwords, ultimately, bring the trust we have in our passwords to protect our digital selves from the potential risks back with the rightful owner. Behavioural psychologist Jo Hemmings summed it up nicely when she said that given how much time we spend looking at our own faces, it is perhaps no surprise that we can use own image as one which we trust the most.
Using uniqueness to your advantage
It is becoming increasingly apparent that the current username and password process isn’t working. Users default to what they know, and what they know they will remember, but this isn’t strong enough to protect our data and devices in today’s world where cybercrime is rife.
The Ashley Madison hack is a prime example of how both users and businesses have fallen victim to the consequences of poor password security.
Rather than relying on a password that 120,000 other people are using, we need to realise that the strongest, most unique password is one we have with us all the time – our face.
Nick Viney, VP consumer, mobile & small business at Intel Security