If facial recognition and biometrics are here to stay, do passwords still have a place in the new normal? asks Rajesh Ganesan, vice president at the IT management firm ManageEngine.
With the introduction of biometric and facial recognition technology, it seems that the world has already moved on from the standard password that was first implemented 60 years ago. Biometrics and facial recognition are becoming more commonplace in all areas of our lives. NatWest recently announced that it’s developing behavioural biometrics technology which could replace banking passwords from next year. Similarly, Eurostar is looking to get rid of passports in favour of facial recognition technology to speed up queue times at its terminals.
It’s encouraging to see this technology finally being implemented in an age where using a password feels outdated, but the inception comes with risks. As the world gradually adjusts to a new normal, with more people working remotely even as lockdowns lift, security risks are likely to increase.
Since the beginning of the pandemic, there has been an increase in brute-force attacks in which cybercriminals systematically submit multiple passwords until eventually gaining entry to an account. According to another recent report, there are as many as 15 billion compromised credentials and passwords currently for sale on hacker forums.
With more businesses looking to adopt remote working for the long haul, security teams need to assume that all work devices in their network have now been compromised in one way or another – with workers logging in to multiple systems every day as they alternate between home and office environments.
This may leave businesses wondering: will passwords still have a place in this new world, or is it time to wave them goodbye and opt for newer methods?
The strength of passwords
There are plenty of obvious benefits to biometrics and facial recognition. We’ve all been guilty of forgetting a password from time to time. A common way to counter this is to write the password down on a post-it note, but some would argue that this goes against the basic principles of cybersecurity and should be avoided. Biometrics on the other hand remove the pain point of forgetting the password and the risk of trying to make sure you can remember it easily. They streamline log-in processes, making things smoother and arguably safer.
As the password approaches its 60th birthday, it’s easy to assume it’s ready for retirement. Yet there are still many benefits to using a traditional password. For a start, there’s no grey area or margin for error; by contrast, it has been shown that people have been able to open relatives’ phones via facial recognition apps.
The benefit of the traditional password is that it’s either right or wrong. There’s a reason passwords have been used for so long, and that is because they are effective. A traditional password can be reset regularly if necessary, and if a password is breached, it can be changed or replaced, which cannot be done with biometrics. If an individual’s biometric data is ever compromised, it can never be replaced.
A hybrid approach
Therefore, we can see that the traditional password is too robust a security method to retire completely. But businesses don’t have to choose between the traditional password and biometrics. They can have the best of both – a hybrid approach to security. The standard password should be used in tandem with other methods such as multi-factor authentication (MFA) and the encouragement of password complexity.
MFA provides additional security by adding layers of protection such as sending an authentication code to your phone once you’ve entered your password. The security of your organisation will become more robust with every layer that’s added. What’s more, with MFA in place, there is no need for periodic password resets. Complex passwords, which are now mandatory when registering on many websites, provide further protection against your account being breached.
Biometric technology can be used effectively with traditional passwords, adding increased protection. Apple enables this by giving users the option to log in to their iPhones via Face ID. If that fails, the user still has the option to use their traditional password. This could be the way forward.
Biometric technology definitely has a place in the new normal that we appear to be heading towards, enabling speed and ease in place of passwords without jeopardising security. But passwords still perform a vital function and do it very well. Traditional passwords shouldn’t be brushed aside to make way for new technology until that new technology is absolutely foolproof.
For organisations that make the jump towards biometrics too early, the ensuing data breaches could be catastrophic. When used in tandem with MFA and password complexity, traditional passwords will continue to fulfil their purpose in ensuring the ultimate level of security.