While digital transformation efforts have seen an end to countless legacy approaches that were neither cost effective nor efficient, there is one that still persists: passwords.
Managing authentication with usernames and passwords is an approach that has been around for over 60 years. Yet with cyberattacks growing in sophistication, relying on passwords to protect our most valuable data is not only proving ineffective, but a significant risk to businesses and their customers.
Why do we need to move beyond passwords?
We’re spending more time in the digital space which has led to password overload. According to NordPass, the average user has approximately 100 passwords to remember or manage.
At the same time, there are countless recent events that demonstrate the inherent risk that passwords pose to customer and business security. For example, ForgeRock’s 2021 Identity Breach Report revealed a 450% surge in breaches containing usernames and passwords globally.
This is how traditional password authentication works:
- A person chooses a username and password.
- The username and the password, or (better) a salted hash of it, are stored in a central database.
- When the person attempts to log in, the system checks the submitted credentials against that central record.
- If they match, the person gets access.
The security issues with this approach are four-fold. First, the central database of usernames and passwords is a prime target: even when passwords are stored as hashes, a leaked copy can be attacked offline at the attacker’s leisure. Second, passwords can be intercepted in flight to the server whenever the transport is not protected, or captured outright by a phishing page that imitates the server. Third, a short or common password takes an automated guessing tool seconds to recover. And fourth, a password complex enough to resist guessing is hard to remember, which causes friction and often pushes the user to store it unsafely or reuse it across sites.
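The first and third of those issues, shown in working code as an added example (this is not code from the original article or from Haventec): the naive store from the list above, the same store hardened with a per-user salt and a slow hash, and the offline guessing attack an attacker can run against a single leaked record. The usernames, the 4-digit secret and the very low iteration count are constructed for the demo.

```python
"""Constructed example: the naive central password store from the list above,
the same store hardened with a salted slow hash, and an offline guessing attack
against one leaked record. Not Haventec code; all data is made up."""
import hashlib
import hmac
import itertools
import os

# Iteration count kept deliberately tiny so the brute-force demo below finishes
# in about a second. A production PBKDF2-HMAC-SHA256 deployment should use a
# count in the hundreds of thousands, or a memory-hard KDF such as scrypt/Argon2.
DEMO_ITERATIONS = 100


# --- Scheme 1: the naive flow from the list above (password stored as-is) ---
def register_plaintext(store: dict, username: str, password: str) -> None:
    store[username] = password  # whoever copies `store` owns every account


def login_plaintext(store: dict, username: str, password: str) -> bool:
    return store.get(username) == password


# --- Scheme 2: salted slow hash and constant-time comparison ---
def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def register_hashed(store: dict, username: str, password: str,
                    iterations: int = DEMO_ITERATIONS) -> None:
    salt = os.urandom(16)  # per-user salt: identical passwords get different digests
    store[username] = (salt, iterations, _derive(password, salt, iterations))


def login_hashed(store: dict, username: str, password: str) -> bool:
    record = store.get(username)
    if record is None:
        return False
    salt, iterations, digest = record
    # compare_digest avoids leaking how many leading bytes matched via timing
    return hmac.compare_digest(_derive(password, salt, iterations), digest)


# --- Offline attack: the attacker holds one leaked record, not the live server ---
def keyspace(alphabet: str, max_len: int) -> int:
    """Number of candidate strings of length 1..max_len over `alphabet`."""
    return sum(len(alphabet) ** n for n in range(1, max_len + 1))


def crack_record(record: tuple, alphabet: str, max_len: int):
    """Enumerate every candidate up to `max_len` and recompute the hash with the
    leaked salt and iteration count. Returns (password, guesses_made) on success,
    or (None, guesses_made) if the secret is not in the searched space."""
    salt, iterations, digest = record
    guesses = 0
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            guesses += 1
            candidate = "".join(chars)
            if hmac.compare_digest(_derive(candidate, salt, iterations), digest):
                return candidate, guesses
    return None, guesses


if __name__ == "__main__":
    plain, hashed = {}, {}
    register_plaintext(plain, "alice", "7391")   # constructed 4-digit secret
    register_hashed(hashed, "alice", "7391")
    print("plaintext store leaks:", plain["alice"])
    print("hashed store holds only salt+digest:", hashed["alice"][2].hex())
    found, guesses = crack_record(hashed["alice"], "0123456789", 4)
    print(f"leaked hash of a 4-digit secret cracked: {found} after {guesses} guesses "
          f"(space = {keyspace('0123456789', 4)})")
    print("space for 8 chars of [a-z0-9]:",
          keyspace("abcdefghijklmnopqrstuvwxyz0123456789", 8))
```

The point the numbers make: salting and a slow hash raise the cost of each guess, but they do nothing to the size of the space, and a 4-digit secret has only 11,110 candidates. A central record of such a secret, hashed or not, falls to an offline attack in seconds, which is why a short PIN is only defensible when no server-side copy of it exists and the device limits how many guesses can be tried.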
Attempting to stem the password security problem has resulted in a range of potential quick fixes, such as:
- Longer and more complex passwords;
- Frequent password changes; and
- Two-factor authentication.
These “fixes” are highly inconsistent with shifting consumer expectations around user experience and ease of access, which raises the question:
How do we fix the security risks and user experience issues that the legacy password approach presents?
Introducing Haventec’s 4 Digit PIN
Our mission at Haventec is to enable simple, safe and secure access by providing a genuinely passwordless technology that completely eliminates passwords and shared secrets. Recent findings from NordPass tell us that users want simple passwords that are easy to remember. They also want to reuse that same password across accounts. In other words, they want a single key that they can use to access all their applications.
Haventec Authenticate’s patented technology enables users to achieve this outcome beautifully and securely with biometric and PIN options.
And whilst biometric-based passwordless authentication provides superior security to passwords, our position is that a PIN should still be high on the consideration list of buyers looking to implement passwordless authentication, for three main reasons:
- Users are already familiar with PIN-based authentication and conditioned to use it to authorise sensitive transactions at ATMs and in banking and government applications. This lowers the barrier to adoption as you transition users away from passwords.
- Whilst mobile devices with biometric capability are now close to ubiquitous, desktops and laptops are still catching up and require additional hardware or biometric security keys to enable biometric authentication, which introduces cost and friction. A PIN works on any device, giving a seamless and consistent experience, and customers can even use the same PIN for all their applications because it is not stored anywhere.
- A PIN can be changed, whereas a fingerprint or face is immutable; and according to TechSpot, a fingerprint can still be spoofed quite easily.
Haventec’s PIN in a nutshell
A PIN is a secret between a user and their device. The application does not hold or need to protect any of the user’s private login details. In fact, the PIN is not stored anywhere and is known only to the user.
Authenticate breaks access to the user’s identity into multiple parts, separated across multiple locations. Two sets of keys are rotated and re-encrypted for every Authenticate transaction, and the architecture is designed to be quantum-computer resistant.
The best part is that the user never sees any of this – all they know is that they were able to access the application securely in a split second.
There’s never been a better time to go passwordless
As cyberattacks become increasingly sophisticated, and the need to provide a fast and seamless user experience becomes essential to success, organisations must start evaluating the efficacy of the traditional password approach.
With its elegant user experience and seamless integration with your existing infrastructure, Haventec Authenticate makes it easy to rapidly onboard new users and provide a consistent and secure access experience every time.