Biometrics

Heartbleed and passwords

by Mark Rowe

The most recent internet security breach, Heartbleed, has allowed the possibility for millions to be victims of compromised data. Hackers continue to find ways to get hold of traditional passwords, allowing them access to various personal accounts. The current resolution is for individuals to change their passwords, but this is not a long-term solve. Brett Beranek explores alternatives to passwords that can reduce the likelihood and impact of a data breach. He is the Senior Principal Solutions Marketing Manager, Enterprise at Nuance Communications, a voice biometrics product firm.

Internet security once again bubbled to the forefront of the news in the form of the now infamous Heartbleed, the latest internet security issue that rendered passwords and other confidential information vulnerable to the prying eyes of the malicious hacker. Already, law enforcement has started cracking down on hackers that have leveraged this security vulnerability with the prime example of the 19 year old computer science student being charged with swiping tax data on over 900 citizens.
Internet security experts are urging consumers to change all of their internet passwords – so have you? Ask your friends if they’ve changed their passwords following the Heartbeed scare. Despite the seriousness of threats like Heartbleed, it seems that sometimes we just can’t be bothered to do anything about it. We’ve simply become numb to internet security breaches. They happen so often that most of us simply shrug our shoulders when they occur and move on with our lives, without realizing the full extent of the risk.
Of course, deep down we know that our laissez-faire attitude is not the right thing to do. So let’s face the ugly fact – our society has an addiction to passwords. Change our password? What’s the point? The new password will still be vulnerable.

I’m not a person that typically places bets, but there is one thing that I know for certain, and I am willing to bet on it. There will be another major internet breach this year where passwords and other confidential data are compromised. The only question is when and at what scale. Will the breach be catastrophic, or simply devastating? Last year was described as “an epic year for data breaches” with over 800 million records compromised, with the largest breach at Adobe, where 152 million user names and passwords were stolen. Since most of us use the same password for all, or most, of our internet accounts, a breach of one of our passwords provides hackers with access to accounts that can be very damaging, notably our bank account. So the threat is very real, and if the past is any indication of the future, we will continue to see these security breaches and one day, each and every one of us will be affected by this recurring security nightmare. This means one thing: changing your password is not a long term solution.

So what are we going to do about it? We need an alternative. The alternative needs to be more secure, yes, but most importantly needs to be easier and more convenient if we are to adopt it. This is where biometric technologies offer a solution. Read this string of comments about voice biometrics by Vanguard customers posted on the Bogleheads investor forum. When biometrics is done right, consumers naturally gravitate to it because it’s quicker, easier and less frustrating than passwords.

Would biometrics have prevented Heartbleed? The answer is no. Heartbleed would have occurred regardless of the way we authenticate on the web. However, the impacts of Heartbleed would have been significantly diminished. Once your password is compromised, you’re toast. Bill Paxton’s eloquent quote in the hit sci-fi movie Aliens comes to mind, “Game Over Man, Game over!” With voice biometrics, the worst case scenario is that a data breach would allow a hacker access to a voiceprint to make a recording. Fortunately, voice biometrics offers an array of technologies to detect recordings, so the hacker would most likely get caught attempting to compromise that specific account, making the hacker unsuccessful. The types of massive breaches that we are continually seeing with passwords are not possible, and even the risk of a point attack on a single account is significantly reduced with voice biometrics.
I, for one, am looking forward to seeing more organizations deploy alternatives to passwords. Do you agree that it’s long overdue?

Related News

  • Biometrics

    Mobile notebook

    by Mark Rowe

    Fujitsu introduces the LIFEBOOK U938 – a version of its flagship mobile notebook for frequent travelers. The fully featured business notebook comprises…

  • Biometrics

    Terminals installed

    by Mark Rowe

    The French firm Morpho (Safran), through its local partner Olcsan, has supplied biometric fingerprint identification terminals to nine Turkish police stations, in…

  • Biometrics

    Shopping experience

    by Mark Rowe

    David Orme, SVP at IDEX Biometrics, writes of the role of biometrics in creating a secure shopping experience. The advent of online…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing