Improving security means killing the password, but that battle has just begun

Samsung Fingerprint Sensor Login Biometric

(in)Secure is a weekly column that dives into the rapidly escalating topic of cybersecurity.

Passwords are often cited as the biggest problem with modern digital security. They’re supposed to be complicated, unique, and ever changing, and yet few follow through with those tenets of strong password protections. That leads to reuse attacks or brute force hacks, which is why many security researchers are pushing to eliminate passwords altogether. Yet not everyone believes the security issue of our time is passwords. For some, it’s how those passwords are stored.

Want to stop hackers? Don’t give them something to hack

George Avetisov, the CEO of Hypr, believes the biggest problem facing modern digital security is password centralization. He points out that a secure password is pointless if it can be stolen when a company that maintains login information is hacked. Instead, Hypr wants to store login credentials – whatever they are – on the end user’s device.

When your bank gets hacked, you don’t lose your house keys because they’re in your pocket.

“When you authenticate through Hypr, your credentials are authenticated on your device locally and they are used to send a token to the bank, which is then approved,” he explained.

That, he says, makes companies far less attractive to hackers, as they can’t gain information on all users at the same time. It also clears up the problem of password reuse, since hackers can’t take stolen credentials and use them to breach another service.

“The analogy I like to think of is that when your bank gets hacked, you don’t lose your house keys because they’re in your pocket,” Avetisov told Digital Trends. “The only way for someone to steal them is to physically remove them from your pocket. That’s what decentralization is. It turns your password, your credentials, into something more like your house keys and less like your current password.”

While Avetisov is bullish about the future of security through decentralization, he doesn’t believe the average consumer will ever learn to take password security seriously. That’s why it’s important for companies to do something about preventing password reuse by removing the ability to attack everyone at the same time. That doesn’t solve reuse itself but ensures reuse attacks can’t be perpetrated on a mass scale.

A world beyond passwords means a world of convenience

Companies like Trusona, on the other hand, would rather focus on moving people beyond passwords entirely. That seems like a viable goal: The public likes the idea of logging into sites and services without passwords. In a recent research report Trusona published, 70 percent of participants opted to use a password-free login system with multi-factor authentication. That group enjoyed a 99 percent login success rate during the study, while those who used passwords saw a success rate of just 56 percent – often requiring reminders to help them login.

Although a multi-factor authentication system is more secure, Trusona believes the choice is often one of convenience, which could be the key to moving to a more secure, password-free future.

“The most successful authentication systems lead with user experience, but as a means for better security.”

“There’s a very real desire to get rid of passwords,” Trusona chief design officer Kevin Goldman told Digital Trends. “While some of that is rooted in anxiety around the security of information online, it’s mostly because of password rage. Consumers default to convenience, and when things aren’t easy to use, they find a workaround. It’s why most reuse passwords and why personal security practices are so sloppy.”

While convenience might be the key to moving consumers beyond passwords, that goes hand in hand with improving the security of the authentication system, too.

“The most successful authentication systems lead with user experience, but as a means for better security,” Trusona CEO Ori Eisen said. “The most widely adopted authentication system [of the future] will be the one that’s easiest to use.”

Although Eisen told us he’s not as sold on the idea of decentralized login credentials aas Hypr’s Avetisov, they both agree smartphones will hold the key to future improvements in our digital security. Where Avetisov believes smartphones should hold login credentials – acting as a form of multi-factor authentication as well as killing centralized password databases – Eisen believes they can be used for a mixture of login possibilities. Whether it’s in taking a picture of yourself holding photo ID, as TruSona uses in some of its more intense fraud prevention strategies, or through biometrics.

The password is dead, but it’s collateral damage

Both men see passwords as a dying technology. While Avetisov sees potential in strong passwords, he and Eisen are both keenly aware of how unpopular password logins are becoming. “The mainstream adoption of biometrics is effectively killing passwords as a primary authenticator and as a user experience,” Avetisov said.

George Avetisov
George Avetisov, CEO of Hypr George Avetisov

Eisen echoed his sentiments, claiming that the death of the password as the primary form of authentication wasn’t “a matter of if, it’s a matter of when.” Whether for convenience sake or to further improve our own personal security, the influence of passwords is likely to wane significantly in the years to come. While Eisen wants to accelerate that, Avetisov sees it as a byproduct of authentication evolution.

“Our goal is not to kill the password,” Avetisov said. “It is to kill the problem caused by passwords.”

Updated 06/27/18 to normalize Trusona capitalization.

Computing

Smishing sounds funny, but it’s a serious threat to your phone’s security

We all know phishing is a huge security problem, but most people still believe it’s a problem limited to email. According to new reports, however, phishing scams are attempting to exploit your trust in text messages.
Mobile

Get your gaming on the go with this list of the 25 best Android games

The Google Play Store is loaded with both terrific and terrible gaming titles. We vetted the store to bring you some of the best Android games available, whether you're into puzzles, shooters, racing games, or something else.
Computing

Want to set up your own virtual private network? Here's how

Take a look at our walkthrough for creating a virtual private network and why it is beneficial for more than just increased privacy and security. We go step by step, detailing how to set up a VPN in both MacOS and in Windows 10.
Movies & TV

‘What We Do In The Shadows’ turns Jemaine Clement into a creature of the night

With a career as unique as the man himself, Jemaine Clement’s star is still rising. From his HBO show (and band) Flight of the Conchords to his TV spinoff of What We Do in the Shadows, we dig deep into the funnyman’s many roles.
Product Review

Long live the king! Dell’s new XPS 13 defends its throne with ease

The redesigned Dell XPS 13 doesn’t reinvent the laptop’s winning formula, but does offer much-needed tweaks including the latest Intel hardware and a thinner, lighter body. Is it enough to keep Dell’s laptop at the top of our ratings?
Mobile

Apple to boost its Amazon presence with listings for iPhones, iPads, and more

Apple is about to start offering more of its kit on Amazon. The tech giant currently only has very limited listings on the shopping site, but the deal will see the arrival of the latest iPhones, iPads, MacBooks, and more.
Computing

Stay connected with the Surface Go LTE Advanced, coming November 20 for $679

The new Surface Go LTE Advanced model delivers benefits for anyone who is looking to enjoy LTE coverage and stay connected on Windows 10 when traveling on the road or away from home.
Computing

AMD is pulling ahead in the die shrink race with 7nm CPUs and graphics cards

AMD might have played second fiddle to Intel and AMD for a long time, but it has the potential to leapfrog both when it debuts its new 7nm CPUs and graphics cards in 2019, leading the die-shrink race for the first time in years.
Deals

Black Friday 2018: The best deals so far

Black Friday is the biggest shopping holiday of the year, and it will be here before you know it. If you can't wait until November 23 to start formulating a shopping plan, we've got you covered.
Computing

Cloudflare’s privacy-enhancing 1.1.1.1 DNS service comes to iOS and Android

Cloudflare's 1.1.1.1 DNS resolver service has been ported to mobile devices, and now anyone with an Android or iOS device can download it for free to take advantage of its speed and privacy-boosting features.
Gaming

The plug-and-play PC Classic joins the retro console bandwagon

Gaming company Unit-e is creating the PC Classic, a plug-and-play retro console that will come bundled with around 30 of the best DOS games. The system will support gamepads and keyboard setups.
Computing

Is your PC slow? Here's how to restore Windows 10 to factory settings

Computers rarely work as well after they've accumulated files and misconfigured settings. Thankfully, with this guide, you'll be able to restore your PC to its original state by learning how to factory reset Windows.
Computing

Best Buy’s pre-Black Friday deal takes $330 off the 2017 Surface Pro bundle

If you don't need the latest Surface Pro, Best Buy has a heavily discounted rendition of the 2017 model available in its pre-Black Friday sale. For just $1,000, you can get the tablet with a Core i5 CPU.
Computing

If you've lost a software key, these handy tools can find it for you

Missing product keys getting you down? We've chosen some of the best software license and product key finders in existence, so you can locate and document your precious keys on your Windows or MacOS machine.