Improving security means killing the password, but that battle has just begun

Samsung Fingerprint Sensor Login Biometric

(in)Secure is a weekly column that dives into the rapidly escalating topic of cybersecurity.

Passwords are often cited as the biggest problem with modern digital security. They’re supposed to be complicated, unique, and ever changing, and yet few follow through with those tenets of strong password protections. That leads to reuse attacks or brute force hacks, which is why many security researchers are pushing to eliminate passwords altogether. Yet not everyone believes the security issue of our time is passwords. For some, it’s how those passwords are stored.

Want to stop hackers? Don’t give them something to hack

George Avetisov, the CEO of Hypr, believes the biggest problem facing modern digital security is password centralization. He points out that a secure password is pointless if it can be stolen when a company that maintains login information is hacked. Instead, Hypr wants to store login credentials – whatever they are – on the end user’s device.

When your bank gets hacked, you don’t lose your house keys because they’re in your pocket.

“When you authenticate through Hypr, your credentials are authenticated on your device locally and they are used to send a token to the bank, which is then approved,” he explained.

That, he says, makes companies far less attractive to hackers, as they can’t gain information on all users at the same time. It also clears up the problem of password reuse, since hackers can’t take stolen credentials and use them to breach another service.

“The analogy I like to think of is that when your bank gets hacked, you don’t lose your house keys because they’re in your pocket,” Avetisov told Digital Trends. “The only way for someone to steal them is to physically remove them from your pocket. That’s what decentralization is. It turns your password, your credentials, into something more like your house keys and less like your current password.”

While Avetisov is bullish about the future of security through decentralization, he doesn’t believe the average consumer will ever learn to take password security seriously. That’s why it’s important for companies to do something about preventing password reuse by removing the ability to attack everyone at the same time. That doesn’t solve reuse itself but ensures reuse attacks can’t be perpetrated on a mass scale.

A world beyond passwords means a world of convenience

Companies like Trusona, on the other hand, would rather focus on moving people beyond passwords entirely. That seems like a viable goal: The public likes the idea of logging into sites and services without passwords. In a recent research report Trusona published, 70 percent of participants opted to use a password-free login system with multi-factor authentication. That group enjoyed a 99 percent login success rate during the study, while those who used passwords saw a success rate of just 56 percent – often requiring reminders to help them login.

Although a multi-factor authentication system is more secure, Trusona believes the choice is often one of convenience, which could be the key to moving to a more secure, password-free future.

“The most successful authentication systems lead with user experience, but as a means for better security.”

“There’s a very real desire to get rid of passwords,” Trusona chief design officer Kevin Goldman told Digital Trends. “While some of that is rooted in anxiety around the security of information online, it’s mostly because of password rage. Consumers default to convenience, and when things aren’t easy to use, they find a workaround. It’s why most reuse passwords and why personal security practices are so sloppy.”

While convenience might be the key to moving consumers beyond passwords, that goes hand in hand with improving the security of the authentication system, too.

“The most successful authentication systems lead with user experience, but as a means for better security,” Trusona CEO Ori Eisen said. “The most widely adopted authentication system [of the future] will be the one that’s easiest to use.”

Although Eisen told us he’s not as sold on the idea of decentralized login credentials aas Hypr’s Avetisov, they both agree smartphones will hold the key to future improvements in our digital security. Where Avetisov believes smartphones should hold login credentials – acting as a form of multi-factor authentication as well as killing centralized password databases – Eisen believes they can be used for a mixture of login possibilities. Whether it’s in taking a picture of yourself holding photo ID, as TruSona uses in some of its more intense fraud prevention strategies, or through biometrics.

The password is dead, but it’s collateral damage

Both men see passwords as a dying technology. While Avetisov sees potential in strong passwords, he and Eisen are both keenly aware of how unpopular password logins are becoming. “The mainstream adoption of biometrics is effectively killing passwords as a primary authenticator and as a user experience,” Avetisov said.

George Avetisov
George Avetisov, CEO of Hypr George Avetisov

Eisen echoed his sentiments, claiming that the death of the password as the primary form of authentication wasn’t “a matter of if, it’s a matter of when.” Whether for convenience sake or to further improve our own personal security, the influence of passwords is likely to wane significantly in the years to come. While Eisen wants to accelerate that, Avetisov sees it as a byproduct of authentication evolution.

“Our goal is not to kill the password,” Avetisov said. “It is to kill the problem caused by passwords.”

Updated 06/27/18 to normalize Trusona capitalization.

Computing

How Razer forged the Blade 15, the slim gaming laptop nobody else could build

With the recent launch of the Blade 15, Razer ushered in a new design language that's cleaner and more angular. We recently visited Razer's San Francisco, California design studio to learn more about Razer's approach to design.
Product Review

Alexa microwaved my corn and it creeped me out

When Amazon introduced its Alexa-compatible microwave, we found the concept strange. Our second thought was whether it would also be an Amazon speaker. We got our hands on the appliance at Amazon’s event. Here’s what we learned.
Product Review

Invisible until you need it, SimpliSafe is a no-hassle way to watch your home

These days, there a lot of do-it-yourself home security systems out there. How do you choose? Simplisafe’s latest offering brings together beautiful hardware and the ability to customize your home security package. We do wish that we…
Mobile

Samsung exec confirms upcoming Galaxy S10 will sport 'very significant changes'

While we still may be months away from an announcement, there's no doubt about it: Samsung is working hard on its successor to the Galaxy S9. Here's everything we know about the upcoming Samsung Galaxy S10.
Computing

How to enable dark mode in MacOS Mojave

Learn how to enable dark mode in MacOS Mojave! As Mac's latest update gears up to hit all Mac systems later this year, the public beta for Mojave is nearly open for you to test out the latest features. One of the most in-demand changes is…
Computing

MacOS Mojave launches on September 24. Here's what we like about it so far

Mojave is the latest version of MacOS, and it's out now. Chock-full of quality-of-life upgrades, we took it for a test drive to get a sneak peek at what you can expect from the next major update to MacOS.
Computing

Critical MacOS Mojave vulnerability bypasses system security

Security Researcher Patrick Wardle has discovered a critical MacOS Mojave security flaw that could potentially allow malicious applications to bypass Mac's system security controls.
Emerging Tech

Microsoft and Shell build A.I. into gas stations to help spot smokers

Shell and Microsoft have created a system for gas stations that can spot someone who's smoking or about to smoke. The platform uses multiple cameras, local computing power, and Microsoft's cloud intelligence system to do the job.
Computing

If your data is found on the dark web, Firefox Monitor will let you know

Firefox is finally launching its Firefox Monitor service and you don't have to use the Firefox browser to access it. Monitor scans the dark web to see if your email address has been leaked as part of a past data breach.
Computing

Chrome OS update could make switching to tablet mode far easier

Google is working on an update for Chrome OS that would make its browser-based operating system much easier to operate in tablet mode, even with the new, streamlined user interface.
Emerging Tech

Teaching machines to see illusions may help computer vision get smarter

Researchers are teaching computers to see optical illusions. The reason? To create smarter, more brain-like vision recognition algorithms for everything from robots to autonomous cars.
Computing

How many GPU video ports is too many? The Aorus RTX 2080 packs seven

Aorus' new RTX 2080 graphics card wants to turn up the new-generation GPUs to 11 with greater cooling, RGB lighting, and a whole host of video port options that give anyone more than they'll likely ever need.
Virtual Reality

Virtual reality breaks free as the HTC Wireless Adapter hits store shelves

Gamers can now break free from wires as the HTC Wireless Adapter hits store shelves, allowing HTC Vive users to connect their headsets wirelessly to their Windows PC without the need for cable tethers.
Computing

Here’s what we want to see from the Surface Studio 2

Check out our list of the top rumors and wishes for the Surface Studio 2! Microsoft is likely to announce the Studio 2 this year: The iMac competitor first arrived with massive touchscreen and many design-friendly elements, but was severely…