Improving security means killing the password, but that battle has just begun

Samsung Fingerprint Sensor Login Biometric

(in)Secure is a weekly column that dives into the rapidly escalating topic of cybersecurity.

Passwords are often cited as the biggest problem with modern digital security. They’re supposed to be complicated, unique, and ever changing, and yet few follow through with those tenets of strong password protections. That leads to reuse attacks or brute force hacks, which is why many security researchers are pushing to eliminate passwords altogether. Yet not everyone believes the security issue of our time is passwords. For some, it’s how those passwords are stored.

Want to stop hackers? Don’t give them something to hack

George Avetisov, the CEO of Hypr, believes the biggest problem facing modern digital security is password centralization. He points out that a secure password is pointless if it can be stolen when a company that maintains login information is hacked. Instead, Hypr wants to store login credentials – whatever they are – on the end user’s device.

When your bank gets hacked, you don’t lose your house keys because they’re in your pocket.

“When you authenticate through Hypr, your credentials are authenticated on your device locally and they are used to send a token to the bank, which is then approved,” he explained.

That, he says, makes companies far less attractive to hackers, as they can’t gain information on all users at the same time. It also clears up the problem of password reuse, since hackers can’t take stolen credentials and use them to breach another service.

“The analogy I like to think of is that when your bank gets hacked, you don’t lose your house keys because they’re in your pocket,” Avetisov told Digital Trends. “The only way for someone to steal them is to physically remove them from your pocket. That’s what decentralization is. It turns your password, your credentials, into something more like your house keys and less like your current password.”

While Avetisov is bullish about the future of security through decentralization, he doesn’t believe the average consumer will ever learn to take password security seriously. That’s why it’s important for companies to do something about preventing password reuse by removing the ability to attack everyone at the same time. That doesn’t solve reuse itself but ensures reuse attacks can’t be perpetrated on a mass scale.

A world beyond passwords means a world of convenience

Companies like Trusona, on the other hand, would rather focus on moving people beyond passwords entirely. That seems like a viable goal: The public likes the idea of logging into sites and services without passwords. In a recent research report Trusona published, 70 percent of participants opted to use a password-free login system with multi-factor authentication. That group enjoyed a 99 percent login success rate during the study, while those who used passwords saw a success rate of just 56 percent – often requiring reminders to help them login.

Although a multi-factor authentication system is more secure, Trusona believes the choice is often one of convenience, which could be the key to moving to a more secure, password-free future.

“The most successful authentication systems lead with user experience, but as a means for better security.”

“There’s a very real desire to get rid of passwords,” Trusona chief design officer Kevin Goldman told Digital Trends. “While some of that is rooted in anxiety around the security of information online, it’s mostly because of password rage. Consumers default to convenience, and when things aren’t easy to use, they find a workaround. It’s why most reuse passwords and why personal security practices are so sloppy.”

While convenience might be the key to moving consumers beyond passwords, that goes hand in hand with improving the security of the authentication system, too.

“The most successful authentication systems lead with user experience, but as a means for better security,” Trusona CEO Ori Eisen said. “The most widely adopted authentication system [of the future] will be the one that’s easiest to use.”

Although Eisen told us he’s not as sold on the idea of decentralized login credentials aas Hypr’s Avetisov, they both agree smartphones will hold the key to future improvements in our digital security. Where Avetisov believes smartphones should hold login credentials – acting as a form of multi-factor authentication as well as killing centralized password databases – Eisen believes they can be used for a mixture of login possibilities. Whether it’s in taking a picture of yourself holding photo ID, as TruSona uses in some of its more intense fraud prevention strategies, or through biometrics.

The password is dead, but it’s collateral damage

Both men see passwords as a dying technology. While Avetisov sees potential in strong passwords, he and Eisen are both keenly aware of how unpopular password logins are becoming. “The mainstream adoption of biometrics is effectively killing passwords as a primary authenticator and as a user experience,” Avetisov said.

George Avetisov
George Avetisov, CEO of Hypr George Avetisov

Eisen echoed his sentiments, claiming that the death of the password as the primary form of authentication wasn’t “a matter of if, it’s a matter of when.” Whether for convenience sake or to further improve our own personal security, the influence of passwords is likely to wane significantly in the years to come. While Eisen wants to accelerate that, Avetisov sees it as a byproduct of authentication evolution.

“Our goal is not to kill the password,” Avetisov said. “It is to kill the problem caused by passwords.”

Updated 06/27/18 to normalize Trusona capitalization.

Mobile

Rekindled yet again, Nokia’s next-gen phones offer more than just nostalgia

HMD Global, a startup that designs and builds Nokia Android smartphones, wants to put the Nokia brand name back “where it belongs.” It helps that it’s made up of ex-Nokia employees. We go behind the scenes to see how HMD formed.
Movies & TV

New trailer for 'The Punisher' season 2 teases a bloody showdown

The Punisher is getting a second season on Netflix, with Jon Bernthal returning to play Marvel Comics' gun-toting antihero Frank Castle. Here's everything we know about season 2 of The Punisher so far.
Product Review

'New Super Mario Bros. U Deluxe' is 2D platforming wizardry

New Super Mario Bros. U Deluxe is the latest Wii U game to come back from the dead on Switch. And wow, it’s much better than we remembered.
Computing

Nose cam no more. How Dell avoided a notch and fixed the XPS 13’s biggest flaw

The new Dell XPS 13 moves the webcam from the below the screen to the top, finally vanquishing the one obstacle facing thin, sleek laptop displays. We have the exclusive story on how it was done.
Computing

Faster new PCIe 5.0 standard leapfrogs the best feature of AMD’s Ryzen 3

PCIe 5.0 will bring even faster data transfers, but it may only be found on HPCs and servers initially. The standard is four times faster than your current PC at transferring data, and new devices could appear later this year.
Deals

From Chromebooks to MacBooks, here are the best laptop deals for January 2019

Whether you need a new laptop for school or work or you're just doing some post-holiday shopping, we've got you covered: These are the best laptop deals going right now, from discounted MacBooks to on-the-go gaming PCs.
Product Review

LG Gram 14 proves 2-in-1 laptops don’t need to sacrifice battery for light weight

The LG Gram 14 2-in-1 aims to be very light for a laptop that converts to a tablet. And it is. But it doesn’t skimp on the battery, and so it lasts a very long time on a charge.
Computing

Keep your laptop battery in tip-top condition with these handy tips

Learn how to care for your laptop's battery, how it works, and what you can do to make sure yours last for years and retains its charge. Check out our handy guide for valuable tips, no matter what type of laptop you have.
Computing

Protect your expensive new laptop with the best Macbook cases

If you recently picked up a new MacBook, you’ll want something to protect its gorgeous exterior. Here, we've gathered the best MacBook cases and covers, whether you're looking for style or protection.
Computing

Watch out for these top-10 mistakes people make when buying a laptop

Buying a new laptop is exciting, but you need to watch your footing. There are a number of pitfalls you need to avoid and we're here to help. Check out these top-10 laptop buying mistakes and how to avoid them.
Computing

Don't spend a fortune on a PC. These are the best laptops under $300

Buying a laptop needn't mean spending a fortune. If you're just looking to browse the internet, answer emails, and watch Netflix, you can pick up a great laptop at a great price. These are the best laptops under $300.
Computing

Dell XPS 13 vs. Asus Zenbook 13: In battle of champions, who will be the victor?

The ZenBook 13 UX333 continues Asus's tradition of offering great budget-oriented 13-inch laptop offerings. Does this affordable machine offer enough value to compete with the excellent Dell XPS 13?
Gaming

Take a trip to a new virtual world with one of these awesome HTC Vive games

So you’re considering an HTC Vive, but don't know which games to get? Our list of 25 of the best HTC Vive games will help you out, whether you're into rhythm-based gaming, interstellar dogfights, or something else entirely.
Computing

The Asus ZenBook 13 offers more value and performance than Apple's MacBook Air

The Asus ZenBook 13 UX333 is the latest in that company's excellent "budget" laptop line, and it looks and feels better than ever. How does it compare to Apple's latest MacBook Air?