Reducing password-reliance in common identification and authentication processes requires a concerted global catalyst: the pandemic may be just the thing!
About 15 years ago, Bill Gates said at a cybersecurity conference in San Francisco that “passwords cannot meet the challenge of keeping critical information secure.” Fast forward to today, and we are still busy trying to create a world that is less reliant on passwords.
Yes, passwords continue to be used despite industry experts agreeing that their use should be reduced, if not totally replaced… mainly because we are all creature of habits and we normally go for better user experience over security. At the same time, businesses want to avoid the cost and complexity of developing and provisioning their own dedicated security solutions.
If we can no longer rely on passwords, we will need simpler and stronger authentication. According to the World Economic Forum’s Global Risks Report 2019, as much as 81% of hacking-related breaches were tied to weak, stolen or reused passwords.
As the Microsoft founder portended, these flimsy strings of alphanumeric characters and symbols have proved to be too-easily compromised by phishing or even simple social engineering.
Growing volume of digital identities
Increasingly, our lives are tied to online structures – or what technologists call digital platforms. Every day, new businesses with all-new business models designed to allow us to do all these things online are created. So, business transactions and trade are closely linked to these increasingly-common digital platforms.
Take e-commerce for instance. The e-Commerce Foundation have expected online transactions in Southeast Asia to almost double to US$158.9 billion in 2021 from US$83.4 billion in 2016. Therein lies the evermore critical need for enhanced authentication of online identities. According to a 2019 Identity Fraud Study, 14.4 million victims lost an alarming US$1.7 bn to identity fraud in 2018.
Global pandemic brings cyber insecurity
In the current global pandemic, governments and entire economies have had to quickly transition to an online-only model via remote-working, telecommuting. During this time, the World Health Organization suffered a five-fold increase in cyber-attacks.
Basically, cybercriminals will jump on these opportunities when people are anxious and confused. They will also take advantage of the careless, the uninitiated and the under-protected—like how many of us are using our passwords now.
What can be easier than passwords?
Any reliable authentication-tool as a replacement for passwords needs to enhance digital trust while minimizing disruption to the user experience. Authentication is now crucial for businesses. It needs to be part and parcel of their efforts in interacting with customers and building brand loyalty.
At the forefront of the adoption of next-generation authentication technology is the financial services industry. Mastercard recently introduced the Identity Check Express to simplify consumers’ online shopping experience in India. The mobile-first authentication solution combines behavioral biometrics, the latest EMV 3-D secure technology, as well as FIDO authentication standards to deliver an uninterrupted, yet secure shopping experience.
The new EMV 3-D secure authentication standards ensure an additional layer of security is in place for protecting card-not-present (CNP) purchases. The new authentication standard has been updated to accurately-reflect current and future market requirements, providing integration with digital wallets as well as traditional browser-based e-commerce transactions.
For businesses and consumers, this means a better user experience and reduced risks as there is no central customer biometric dataset, and the authentication data is stored on-device.
Staying ahead of identity theft
Cybercriminals will continue to be active—that is a certainty. They will be more organized and improve in sophistication and techniques.
Businesses will need to keep one step ahead of, or at least keep up with evolving security threats or they risk being laggards in cybersecurity awareness and preparedness. One of the first steps businesses can take in their cybersecurity journey is a step towards passwordless authentication in the future.