Improving security means killing the password, but that battle has just begun

Samsung Fingerprint Sensor Login Biometric

(in)Secure is a weekly column that dives into the rapidly escalating topic of cybersecurity.

Passwords are often cited as the biggest problem with modern digital security. They’re supposed to be complicated, unique, and ever changing, and yet few follow through with those tenets of strong password protections. That leads to reuse attacks or brute force hacks, which is why many security researchers are pushing to eliminate passwords altogether. Yet not everyone believes the security issue of our time is passwords. For some, it’s how those passwords are stored.

Want to stop hackers? Don’t give them something to hack

George Avetisov, the CEO of Hypr, believes the biggest problem facing modern digital security is password centralization. He points out that a secure password is pointless if it can be stolen when a company that maintains login information is hacked. Instead, Hypr wants to store login credentials – whatever they are – on the end user’s device.

When your bank gets hacked, you don’t lose your house keys because they’re in your pocket.

“When you authenticate through Hypr, your credentials are authenticated on your device locally and they are used to send a token to the bank, which is then approved,” he explained.

That, he says, makes companies far less attractive to hackers, as they can’t gain information on all users at the same time. It also clears up the problem of password reuse, since hackers can’t take stolen credentials and use them to breach another service.

“The analogy I like to think of is that when your bank gets hacked, you don’t lose your house keys because they’re in your pocket,” Avetisov told Digital Trends. “The only way for someone to steal them is to physically remove them from your pocket. That’s what decentralization is. It turns your password, your credentials, into something more like your house keys and less like your current password.”

While Avetisov is bullish about the future of security through decentralization, he doesn’t believe the average consumer will ever learn to take password security seriously. That’s why it’s important for companies to do something about preventing password reuse by removing the ability to attack everyone at the same time. That doesn’t solve reuse itself but ensures reuse attacks can’t be perpetrated on a mass scale.

A world beyond passwords means a world of convenience

Companies like Trusona, on the other hand, would rather focus on moving people beyond passwords entirely. That seems like a viable goal: The public likes the idea of logging into sites and services without passwords. In a recent research report Trusona published, 70 percent of participants opted to use a password-free login system with multi-factor authentication. That group enjoyed a 99 percent login success rate during the study, while those who used passwords saw a success rate of just 56 percent – often requiring reminders to help them login.

Although a multi-factor authentication system is more secure, Trusona believes the choice is often one of convenience, which could be the key to moving to a more secure, password-free future.

“The most successful authentication systems lead with user experience, but as a means for better security.”

“There’s a very real desire to get rid of passwords,” Trusona chief design officer Kevin Goldman told Digital Trends. “While some of that is rooted in anxiety around the security of information online, it’s mostly because of password rage. Consumers default to convenience, and when things aren’t easy to use, they find a workaround. It’s why most reuse passwords and why personal security practices are so sloppy.”

While convenience might be the key to moving consumers beyond passwords, that goes hand in hand with improving the security of the authentication system, too.

“The most successful authentication systems lead with user experience, but as a means for better security,” Trusona CEO Ori Eisen said. “The most widely adopted authentication system [of the future] will be the one that’s easiest to use.”

Although Eisen told us he’s not as sold on the idea of decentralized login credentials aas Hypr’s Avetisov, they both agree smartphones will hold the key to future improvements in our digital security. Where Avetisov believes smartphones should hold login credentials – acting as a form of multi-factor authentication as well as killing centralized password databases – Eisen believes they can be used for a mixture of login possibilities. Whether it’s in taking a picture of yourself holding photo ID, as TruSona uses in some of its more intense fraud prevention strategies, or through biometrics.

The password is dead, but it’s collateral damage

Both men see passwords as a dying technology. While Avetisov sees potential in strong passwords, he and Eisen are both keenly aware of how unpopular password logins are becoming. “The mainstream adoption of biometrics is effectively killing passwords as a primary authenticator and as a user experience,” Avetisov said.

George Avetisov
George Avetisov, CEO of Hypr George Avetisov

Eisen echoed his sentiments, claiming that the death of the password as the primary form of authentication wasn’t “a matter of if, it’s a matter of when.” Whether for convenience sake or to further improve our own personal security, the influence of passwords is likely to wane significantly in the years to come. While Eisen wants to accelerate that, Avetisov sees it as a byproduct of authentication evolution.

“Our goal is not to kill the password,” Avetisov said. “It is to kill the problem caused by passwords.”

Updated 06/27/18 to normalize Trusona capitalization.

Computing

Latest SMS breach could allow hackers access to your online accounts

A new security breach that exposed more than 26 million text messages could be a huge nightmare for users relying on two-factor authentication. Many of the SMS on the database contained security codes and account reset links.
Gaming

Every rumor about the PS5, including a new game from Luminous Productions

PlayStation 5 rumors have been circulating for over a year now but there's still plenty we don't know. Here's everything you need to know about the PS5, including rumors about its release, specs, and games.
Mobile

Samsung patents show what Infinity-O display could look like on Galaxy S10

While we still may be months away from an announcement, there's no doubt about it: Samsung is working hard on its successor to the Galaxy S9. Here's everything we know about the upcoming Samsung Galaxy S10.
Mobile

No cash. No talking. What goes next? Welcome to your ‘app-tive’ digital life

Bank of America's 2018 Trends in Consumer Mobility Report found mobility has changed our lives. Mobile tech influences how most of us communicate, meet people, build relationships, and handle money as we move toward a cashless society.
Computing

Razer’s BlackWidow Lite is a mechanical keyboard designed for work and play

Razer's latest keyboard comes with a minimalist design that will appeal to professionals. But don't let the all-black aesthetics fool you, as the BlackWidow Lite comes with mechanical keys that makes it a great gaming companion.
Computing

Microsoft’s Always-Connected PCs gets more powerful with 64-bit app support

Microsoft announced that developers can start creating 64-bit apps for Always-Connected PCs powered by Snapdragon processors. The Windows Store will also begin to accept 64-bit app submissions for Microsoft's Windows on ARM.
Computing

Nvidia admits its 2080 Ti cards have a problem, but isn’t saying what it is

Nvidia has admitted that there is a wider problem affecting its RTX 2080 Ti Founders Edition cards, despite earlier claims to the contrary. It has also promised to continue working with affected consumers to replace dead cards.
Computing

The MacBook is smaller, the MacBook Air is faster, but which is better?

This year, Apple's MacBook Air got a powerful internal upgrade, but the redesign makes it slimmer and lighter. So should you get the MacBook Air over the MacBook? We'll compare both notebook's major features and help you decide.
Deals

The Best Black Friday Deals from Best Buy in 2018

We've been hard at work assembling all the best Black Friday deals Best Buy offers in 2018 and putting them in one place to save you time and money this holiday season. From laptops to TVs, game consoles to smart speakers and much more…
Computing

HDR monitors are beginning to have an impact. Here are the best you can buy

HDR isn't the most common of PC monitor features and is often charged at a premium, but the list of available options is growing. These are the best HDR monitors you can buy right now.
Computing

Four fake cryptocurrency apps were listed on the Google Play Store

It is a dangerous time to be going after crytocurrency on Android. Four bogus cryptocurrency apps were spotted on the Google Play Store this week, according to a report from cybersecurity researcher Lukas Stefanko. 
Computing

Windows Update not working after October 2018 patch? Here’s how to fix it

Windows update not working? It's a more common problem than you might think. Fortunately, there are a few steps you can take to troubleshoot it and in this guide we'll break them down for you, step by step.
Computing

Microsoft Surface Pro 6: Everything you need to know

The Surface Pro 6 is officially here, though it's not as big of a redesign as you might have hoped. With a new coat of black paint and an 8th-gen processor, this is a small update. If you've been eyeing a Surface Pro, you may want to wait…
Computing

Turn your iPad into a display for your new Mac Mini with this workaround

The folks at Luna Display have figured out a workaround which lets you get the best of both worlds and use Wi-Fi and an adapter in order to turn your iPad into a display for the 2018 Mac Mini.