Outdated identity authentication methods are putting us at risk, but can behavioral biometrics replace passwords?

According to research by Imperva, more data was stolen worldwide in January 2021 than in the entire 12 months of 2017.

Most of the stolen data, 75.9%, was personally identifiable information: full name, gender, date of birth, location, religion, sexual orientation and so on. Password and credential data accounted for 14.9% of the data stolen in January.

Personally identifiable information (PII) is used to verify digital identity when an individual needs to gain access to their Facebook, Gmail, Instagram, online banking, health records or other accounts. Yet technologies exist today that make the provision of PII to authenticate digital identities, in fact, redundant.

Apart from passwords.

In 1961, the first password was developed at the Massachusetts Institute of Technology, giving researchers access to computer systems. Fast-forward 60 years, and the password is still providing access to systems, but on a global scale and for billions of people, even though passwords are open to compromise.

As technology has evolved and helped increase efficiencies and productivity, and power new businesses and the global economy, the password has become synonymous with opening digital doors. However, the troves of data stolen over the years demonstrate just how valuable passwords are to criminal organizations, and just how vulnerable they are to compromise.

Methods of password fortification have centered around adding barriers, including one-time passwords, Captcha, security questions, and the provision of personal data by customers to prove their identity. But this has only made proving identity online more complex, because of the steps a customer must take to authenticate.

Clearly the situation is spiraling out of control, but replacing or retiring passwords completely is much harder than it sounds, especially as the world has used and been educated about passwords for sixty years. Consumers understand passwords and are comfortable with their use.

Rather, advanced technologies need to work in concert with passwords to build unique, secure digital identities, enabling easy authentication while preserving users' privacy.

Digital identities are broken

Over the years, passwords have evolved from being straightforward pieces of code to requiring unique strings of case-sensitive letters, numbers and special characters, and sometimes personal information for authentication.

But the cost is privacy.

A Deloitte survey of 2,000 consumers in the US found that 91% gave their consent to terms and conditions without reading them. For younger people aged 18-34, the rate was even higher at 97%.

Meanwhile, in a Callsign study of 1,000 US consumers, 40% said they were more concerned about their privacy online following the COVID-19 pandemic. A third of those concerned claim they don’t know what data is being collected about them by organizations online, and 26% say they feel as though they’ve had to share more as the pandemic has forced more services and businesses online.

From passwords to preserving privacy

Asking for a password, making users jump through additional digital hoops, and demanding personal data are the accepted, but outdated, practices online entities use to prove identity. So too is the use of third parties to help in the verification process.

The answer lies in the layering of passive behavioral biometrics, such as screen swiping, as this preserves user privacy, adds frictionless security, and allows the online entity to verify the customer without requiring personal data.

Behavioral biometrics identify individuals through measurable patterns, on mobile phones for example. The pressure an individual exerts when typing, or the way they swipe a device, is totally unique and inherent to that person.

When logging on to their email, favorite website, or application, all that is required is a password and access is provided. In the background, dynamic software looks for malware or unusual behavior and intervenes if found; an intervention might be a question or a request for facial ID.   
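The flow described above (password first, a passive behavioral check in the background, an intervention when behavior looks unusual), as an added example that is not part of the original article or any vendor's product. The feature names, the z-score scoring, the thresholds and all timing values are assumptions constructed for illustration.

```python
import hashlib
import hmac
from statistics import mean, stdev
from typing import Optional

# Constructed enrollment profile: per-keystroke hold times and gaps (ms)
# recorded during earlier sessions by the legitimate user.
PROFILE = {
    "hold_ms": [92, 88, 95, 90, 93, 89, 91, 94],
    "gap_ms": [140, 152, 138, 147, 150, 143, 145, 149],
}
# Constructed login sessions: the enrolled user, someone else typing, autofill.
GENUINE = {"hold_ms": [91, 93, 90, 92, 94, 89], "gap_ms": [144, 148, 141, 150, 146, 143]}
OTHER_TYPIST = {"hold_ms": [120, 118, 125, 122, 119, 121], "gap_ms": [180, 175, 190, 185, 178, 182]}
PASTED = {"hold_ms": [], "gap_ms": []}

SALT = b"constructed-salt"
STORED_HASH = hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000)
MIN_SAMPLES = 4    # assumed: fewer keystrokes than this is not enough evidence
Z_THRESHOLD = 3.0  # assumed: deviation above this triggers an intervention


def password_ok(password: str) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    return hmac.compare_digest(candidate, STORED_HASH)  # constant-time compare


def deviation(session: dict) -> Optional[float]:
    """Largest z-score of the session mean against the enrolled profile.

    Returns None when there is too little data to judge, e.g. a pasted or
    autofilled password that produces no keystroke timings."""
    worst = 0.0
    for feature, enrolled in PROFILE.items():
        observed = session.get(feature, [])
        if len(observed) < MIN_SAMPLES:
            return None
        z = abs(mean(observed) - mean(enrolled)) / stdev(enrolled)
        worst = max(worst, z)
    return worst


def authenticate(password: str, session: dict) -> str:
    """Return 'deny', 'allow' or 'step_up' (a question or facial ID request)."""
    if not password_ok(password):
        return "deny"
    score = deviation(session)
    if score is None or score > Z_THRESHOLD:
        return "step_up"
    return "allow"
```

Only timing statistics are stored and compared, not PII, and a correct password entered with unfamiliar typing behavior leads to a step-up rather than direct access.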

Conclusion

When researchers logged onto their computer systems 60 years ago, all they had to do was enter a password without the need to provide answers to security questions or give away personal information to prove their identity.

But that was then. Now there is rampant theft of personally identifiable information, online fraud, and an endless demand for sensitive data to prove digital identity, meaning a modern solution is required for a modern problem.

Behavioral biometrics and other technologies put the ownership and control of sensitive information back firmly in the consumers’ hands, leading to a reduction in online fraud and enabling secure, safe and unhindered digital journeys.