Security

03:15 PM
Jonathan Camhi
Jonathan Camhi
Slideshows
Connect Directly
Facebook
Twitter
Google+
RSS
E-Mail
50%
50%

Must. Kill. Passwords.

Three companies at Finovate showcased alternatives to ineffective passwords for online authentication.
Previous
1 of 3
Next

Passwords have become a double-edged catastrophe for online authentication. On the one hand, they have done little to stem the tide of data breaches and cyber attacks that has hit the banking and payments industry hard over the last year. On the other hand, they are a source of frustration for users and customers that interrupt a smooth customer experience. Plus, people have so many passwords now it seems impossible to remember them all.

“Passwords make everyone crazy. Every time I see a username and password screen, I know I just lost the next three to four minutes of my life,” David Schropfer, CEO of Anchor ID, one of the companies presenting at Finovate, summed up during his demonstration.

Anchor ID was one of several Finovate presenters this week that aimed to disrupt the username and password paradigm. Anchor ID offers users a single username ID for every site they log into. When that ID is entered into the username field on a login page, instead of filling in a password, the user clicks the login button. The user then gets pinged on their mobile phone by the Anchor ID app to confirm their sign in. Additional authentication factors like a PIN and biometrics can be layered on. Only after authenticating with the mobile device will the user be allowed to begin his web session.

 

Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ... View Full Bio

Previous
1 of 3
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Mapsoft
50%
50%
Mapsoft,
User Rank: Apprentice
10/20/2014 | 5:24:55 AM
Re: Password overload
Interesting, but not always ideal. Unfortunately the mobile phone idea is flawed as well. How often are you in an area where your mobile phone has no reception? This is the case for most of the time in my office. So this might entail wandering around the countryside waiting for your text to arrive. This is now turning the 4 minutes into 30 mins.
Kelly22
50%
50%
Kelly22,
User Rank: Author
10/2/2014 | 1:24:11 PM
Re: Password overload
Now there's an idea I haven't heard yet! I'm not sure how music could be worked into the changing password space, but I can see it sparking interest. As you note below, security measures that are fun will inevitably be more successful than others. 
Becca L
50%
50%
Becca L,
User Rank: Author
9/30/2014 | 5:23:33 PM
Re: Password overload
Why stop there - music too! I don't have all the science on hand, but there's plenty to suggest human minds remember the sounds and lyrics to favorite songs years later. Altzimers patients have even demonstrated music recall. I have no idea how this could be leveraged in the world of passwords, but I would gladly incorporate Beyonce or a Disney soundtrack with my convenetional text password.
Becca L
50%
50%
Becca L,
User Rank: Author
9/30/2014 | 4:45:45 PM
The future is here!
I love the concept of EyeLock because it's bringing the elite / sci-fi capabilities into the here-and-now, just like the iPhone5 made fingerprint authentication more accessible and realistic to the masses.  This attraction can make logging in not only a secure and seamless process, but users might think it's "cool" to do it. Surely if security is in any way fun, it's going to be more successful than if it's simply tolerated.
HAnatomi
50%
50%
HAnatomi,
User Rank: Apprentice
9/29/2014 | 8:56:55 PM
Re: Password overload
The idea of using pictures for passwords is not new.  It has been around for more than two decades but the simple forms of pictorial passwords were not as useful as had been expected.  For the UNKNOWN pictures that we manage to remember afresh are still easy to forget or get confused, if not as badly as random alphanumeric characters.

This Japanese-made Expanded Password System known as Mnemonic Guard is new  in that we make good use of KNOWN images that are associated with our episodic/autobiographic memory.  Since these pictures are the least subject to the interference of memory, it enables us to manage dozens of unique strong passwords without reusing the same password across many accounts or carrying around a memo with passwords on it.  Furthermore, we no longer need to manage to remember the relations betweens accounts and passwords because each account shows its own picture matrix.
HAnatomi
50%
50%
HAnatomi,
User Rank: Apprentice
9/29/2014 | 8:50:55 PM
Re: Password overload
The Expanded Password System is up and running in various applied models over several years in Japan.

Should you be interested to know more, you could refer to

(h t t p : / /)  mneme.blog.eonet.jp/default/files/outline_of_mnemonic_security.pdf

 

 

 

 
Kelly22
50%
50%
Kelly22,
User Rank: Author
9/29/2014 | 3:36:38 PM
Re: Password overload
All good points and interesting info, I didn't know that about human memory capacity. You're right that today's devices are capable of handling an image-based system. I wonder when we'll see those become reality. 
Byurcan
50%
50%
Byurcan,
User Rank: Author
9/29/2014 | 8:46:49 AM
Re: Password overload
That's a very good point. I seem to recall sitting in a meeting with a tech company in the last few yers (I think it was Microsoft cut can't remmeber) where someone was talking exactly about this solution to the problem. Images could be the future of the password.
HAnatomi
50%
50%
HAnatomi,
User Rank: Apprentice
9/29/2014 | 3:42:49 AM
Re: Password overload
We could kill the password only when there is an alternative to the password.  Something belonging to the password (PIN, passphrase, etc.) and something dependent on the password (single-sign-on, password managers) cannot be the alternative to the password.  Neither can be something that has to be used together with the password (biometrics).

It is said that at the root of the password problem is the cognitive phenomena called "interference of memory", by which we cannot firmly remember more than 5 text passwords on average.  What worries us is not the password, but the textual password.  The textual memory is only a small part of what we remember.  We could think of making use of the larger part of our memory that is less subject to interference of memory.  More attention could be paid to the efforts of expanding the password system to include images, particularly KNOWN images, as well as conventional texts.

Most of the humans are thousands times better at dealing with image memories than text memories. The former dates back to hundreds of millions of years ago while the latter's history is less than a fraction of it.  I wonder what merits we have in confining ourselves in the narrow corridor of text memories when CPUs are fast enough, bandwidth broad enough, memory storage cheap enough, and cameras built in mobile devices.
Kelly22
50%
50%
Kelly22,
User Rank: Author
9/26/2014 | 3:47:21 PM
Password overload
Loving this quote: "Every time I see a username and password screen, I know I just lost the next three to four minutes of my life" - now that I have a different password for pretty much every site I log onto, I can definitely relate. Each of these tactics is not only more secure than a password, but creates less of a hassle for the user. I'd try any of them. 
Register for Bank Systems & Technology Newsletters
White Papers
Current Issue
Bank Systems & Technology
BS&T's 2014 Elite 8 executives are leading their banks to success, whether it involves leveraging the cloud, modernizing core systems, or transforming into digital enterprises.
Slideshows
Video
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.