The events of 9/11 prompted governments around the world to tighten, overnight, airport and aircraft security that had been relatively lax up until that morning. Likewise, the pandemic, and the onslaught of cyber attacks and threats targeting displaced workforces, has likely been the inflection point that pushed the world to embrace new authentication technologies.
When it comes to remote-work security, passwords are doing more harm than good. In the last week alone, remote workers attempting to access San Francisco Airport’s systems had their credentials compromised after the airport’s websites were hacked, and the usernames and passwords of half a million Zoom users, who had their accounts hacked last month, went up for sale on the dark web this week.
Earlier in 2020 (pre-pandemic), Marriott Hotels suffered a massive privacy breach, in which the records of 5.6 million guests were exposed after just two employees had their passwords compromised.
These examples highlight two things: how vulnerable corporate systems and databases are when they are protected by passwords, and how attractive companies become to criminals when they store user login credentials in their databases.
It’s likely that Coronavirus-related attacks will continue to highlight how weak passwords are, hopefully driving us to adopt smarter authentication technologies that don’t put us at unnecessary risk.
Biometrics is one of those technologies, and it has come a long way in the past decade; it is now at the point where it can securely replace passwords. Unlike passwords, a user’s unique biometrics and characteristics can’t be guessed or cracked.
Advances in machine learning, including deep learning, have substantially boosted the security and reliability of facial recognition systems, which have enabled new research directions in novel authentication modalities, like behavioral biometrics, where users are authenticated by how they interact with smartphones and desktops rather than via their physical characteristics.
These authentication techniques allow us to authenticate users based on how they interact with their devices, rather than via their physical characteristics. They don’t require user attention and can, therefore, be used for continuous authentication. With continuous authentication, the user’s device continuously monitors the user (by processing keystrokes or smartphone movements in the background) and makes frequent authentication decisions based on this data.
New authentication protocols that combine these advancements with emerging privacy-preserving technologies, such as secure multi-party computation and zero-knowledge cryptography, allow for biometric data to be stored securely.
As with all emerging technology, despite its readiness and potential, widespread adoption can be slow, but unprecedented events can often lead to decisive action.
The pandemic and subsequent cyber threats are the most significant disruption to organizational security in modern history. They have presented, however, a silver lining: the unplanned shift to remote environments has helped push us forward into an era of enhanced security and privacy, something that was sorely needed.
Once organizations make the inevitable decision to modernize authentication and identity management with next-generation biometric solutions, we will significantly enhance online security and privacy, effectively ending an era of scams, hacks and attacks caused by compromised and weak credentials.
This is a repost of an article written by Paolo Gasti, Chief Technology Officer at Keyless Technologies, featured in Infosecurity Magazine.