In late September, Yahoo revealed that state-sponsored cyberattacks compromised at least 500 million of its user accounts — the largest cybersecurity breach from a single site in history. The attacks prompted a renewed focus by the Obama administration on its fight against cybercrime that includes a new initiative and website called “Lock Down Your Login.” Led by the White House, the National Cyber Security Alliance and a handful of technology and finance companies, the initiative is the latest in efforts to educate the masses on the risks of relying solely on traditional passwords. Instead, the initiative recommends extra layers of authentication, which are more likely to thwart breach attempts.
Traditional Passwords Still Have a Place among Consumers
The call to action by administration officials to add extra layers of authentication to citizens’ login process isn’t new; the initiative actually kicked off in February. But given the number of breaches still popping up in the news, there’s clearly still more work to be done. A recent survey polled 4,000 adults in the United States and United Kingdom on their opinions about passwords and approaches to using them. The results were quite surprising, for despite the massive push toward creating unique passwords for different online accounts, only 16 percent of respondents said they do so. More vexing is that one-quarter of respondents fail to create complex passwords for their financial accounts.
The surprising results of the survey illustrate that consumers are, for whatever reason, not swayed enough by cybersecurity breaches to follow password best practices. The onus therefore falls on businesses and digital identity providers to move beyond the traditional password and strengthen authentication even more.
It’s important to note here that “strengthening” authentication means more than just devising tortuous password-driven authentication flows. (Taking that tack will actually just frustrate users and tarnish the digital customer experience.) Rather, savvy businesses are adding two- or multi-factor authentication functionality and promoting it among their users.
Strong Authentication Methods Are Important Next Step
Security experts have advocated for two- and multi-factor authentication for quite some time. These extra layers of security combine a traditional username and password with a biometric or device-driven step, like a fingerprint or a one-time code sent to a user’s mobile phone. For high-risk transactions such as those for financial or healthcare institutions, another step is added for even more security.
The experts aren’t the only ones in support of two- and multi-factor authentication. According to the aforementioned survey, 52 percent of respondents prefer to log in to their online accounts through a modern authentication method like fingerprint scanning, voice recognition or iris-scanning technology. And 80 percent of consumers who expressed a preference believe biometric authentication is more secure than traditional usernames and passwords.
While it’s true that the traditional password’s future looks bleak, we still have a lot of work to do before businesses and their customers can abandon it completely. Educational help from the government and private sector is a good start. But to support their efforts and spark a true shift in consumers’ reliance on traditional passwords, businesses must make two- and multi-factor authentication methods available — and easy to use — whenever possible. By embracing strong authentication, businesses can help deter widespread cyberattacks and provide consumers with a better and more secure customer experience than a traditional password ever could.
Patrick joined Gigya in 2007 and has led the company's vision, strategy and operations. Before joining Gigya, Patrick co-founded a suite of social applications and served as a consultant for L.E.K. Consulting, a strategy consulting firm. Patrick holds a bachelor's degree from Harvard University.
Edited by Alicia Young