Never again will a password be secure enough, at least not a memorable one. More and more services include two-factor authentication, and even three or more factors, but the problem is having to hold more than one security key for the same door.
There are those who choose to have many passwords and keep them in a password manager, and those who prefer to use password generator tools, of which there are many on the net, but the truth is that these will never fully fulfill their role. This is where other alternatives, such as biometric data, start to have a good chance when it comes to the cybersecurity of devices and accounts, which hold sensitive user material.
According to data from Gartner, one of the world’s most reputable technology consulting firms, between 20% and 50% of open IT support cases are password recovery requests. According to studies by the same firm, 80% of security breaches are based on weak or reused passwords, which shows how necessary it is for users not to repeat passwords, or even the terms within their passwords.
It is precisely this problem that companies that manage banking, retail or social media sites often have to deal with. Juan Pablo Arias, Director of Engineering at Fortinet Chile, indicates that the idea is to use multiple credentials, not just one user and one password, but several. This is where double authentication or multi-factor authentication systems come in.
There are three problems in the sector, says Arias. First, he mentions that passwords, due to the high number of platforms and profiles in stores or web pages, are very difficult to manage. Second, they give users a bad experience and, finally, on top of these two factors come the security problems. “A trend and a solution that arises in the industry is two-factor authentication, but it is also called multi-factor authentication (MFA), and that makes life more difficult for hackers, but also easier for users,” he says.
The idea of these systems is based on the following principle: companies, or platforms, rely on something the user knows, which can be a password; something the user has in their possession, such as a physical token or an application (OTP); and something specific to the user, which translates to biometric information such as the face or fingerprint, something that banks use a lot today. So do smartphones, which include fingerprint reading or facial identification of users.
Authentication systems, argues Arias, should not be static. “It shouldn’t just be the face, because it could be a picture of you and I hacking into a system, but it could also include a gesture or a movement, so it’s harder to determine if it’s you or not”, he says. These tools must be dynamic and adapt according to the user’s needs or reasons for use.
For example, if you want to perform a banking transaction for a very small amount, the platform may request an additional key, token or biometric verification. But if the amount jumps to around five million, he says, and it also goes to someone the user has never transacted with before, the app or website may ask for other means of verification. “The idea is to always have more security, but on the side of the user”, he specifies.
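The step-up behaviour described above, combined with the three factor categories listed earlier, as an added example that is not from the article or from any bank's code. The credential names, the 5,000,000 threshold (the article gives no currency) and the rule that a high-value transfer to a new payee needs all three categories are assumptions.

```python
from dataclasses import dataclass

KNOW, HAVE, ARE = "know", "have", "are"  # the article's three factor categories

# Constructed credential names, mapped to the category each one proves.
CATEGORY = {
    "password": KNOW, "pin": KNOW,
    "otp_app": HAVE, "hardware_token": HAVE,
    "fingerprint": ARE, "face_with_liveness": ARE,
}

HIGH_VALUE = 5_000_000  # assumption: "around five million", currency not given


@dataclass(frozen=True)
class Transfer:
    amount: int
    payee: str
    known_payees: frozenset  # payees this user has paid before


def required_categories(t: Transfer) -> int:
    """Distinct factor categories needed before the transfer is released."""
    # Assumed policy: two categories normally, all three for a high-value
    # transfer to a payee the user has never paid.
    if t.amount >= HIGH_VALUE and t.payee not in t.known_payees:
        return 3
    return 2


def decide(t: Transfer, presented: list) -> str:
    """Return "allow", or "step_up:" plus the categories still acceptable."""
    # Count categories, not credentials: password + PIN is still one factor.
    # Unrecognised credential names are ignored rather than trusted.
    proven = {CATEGORY[c] for c in presented if c in CATEGORY}
    if len(proven) >= required_categories(t):
        return "allow"
    return "step_up:" + ",".join(sorted({KNOW, HAVE, ARE} - proven))
```

Because the decision counts categories rather than credentials, a password plus a PIN still triggers a step-up request even on a small transfer.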
In the technology and computer industry, this is already integrated: there are applications that generate unique passwords that never repeat themselves, which helps users access their different accounts with greater security. There are also banking applications used to verify transactions, in which you only have to approve or deny, and which even alert you if a third party tries to buy something with your card in an online store.
Today there is a tendency, says Arias, toward removing passwords, to “permanently erase passwords”. In recent days Apple has put out a new series of releases, including products but also tools. For some years the company has been experimenting with the Touch ID system, with which users can access their computers with their fingerprint, but this time it has gone further.
The company, in collaboration with Alphabet, the owner of Google, announced that by the end of the year it will launch a password compatibility system for e-mail or bank accounts that works only through the fingerprint, in a single registry that will allow Android and iOS users to access certain sites just by presenting their fingerprint.
“The idea is to maintain the culture of security, but on the other hand, they focus on disturbing the user less, so that it is also a more transparent and user-friendly experience with their applications”, explains the expert. The case of Apple, which relies on biometrics to implement its technology, is just one example. The user’s own factor can also be a USB “key”, which is essentially a thumb drive that functions as an unlock. “Wallets in the cryptocurrency world have a physical key, for example, which basically means you don’t have anything digital, but it has a device with some type of sensor to read,” he says.
As for double authentication systems, ideally they should not be integrated with the main platform. In the case of a banking application, for example, the verification tool should be external to the main application. “It’s not so bad when you are directed elsewhere or have a third party take care of the security part, because today there are companies specialized in this field, but if the same one who develops all the logic of the bank is the one who sees the security part, it’s probably not so good”, assures Arias, of Fortinet.
Despite the obvious security that these tools can provide, the expert says there may be risks. For example, with a biometric face verification system, someone may try to impersonate the user with a photograph, which is why it matters that these tools are dynamic rather than static: they can ask for the user’s profile, face, or another angle. To give Internet users even greater security, they can be supplemented with voice recognition, different tones and gestures.
“Rememberable passwords, on average, can be cracked in less than an hour because they use the brute force method, with a program that tests all combinations. I can have a document with my passwords or a manager, but if someone comes in, they can see them all… It’s a problem that still has no end,” he says.
This is the first complication, he says. The other, which remains in force, is phishing: despite being a strategy known to users, many are still vulnerable to it, and it is one of the main causes of data misappropriation or information theft.