As more of us continue to work from home, the threat of cyber attacks continues to grow. Companies that did not have work from home protocols in place already before the pandemic struck struggled to make the transition, and hackers took note. As a result, phishing and hacking attempts are way up and companies are in jeopardy just because they are trying to remain in business.
One culprit is authentication methods. We’ve been reliant on passwords for so long that we can’t even imagine anything different, but as it turns out passwords aren’t actually all that secure. So how can we secure our online information without the use of passwords?
Authentication methods have changed over time. Passwords are just a shared secret, and easily guessable passwords are still quite common as are passwords that are reused over and over again. 81% of security incidents were due to weak or stolen passwords, and even when you use random strings of characters as a password you still have to write it down somewhere to keep track, making it totally insecure.
Most people know they shouldn’t reuse passwords, but the overwhelming majority do it anyway. Passwords serve as authentication to prove that we are who we say we are. But the problem is that passwords can be shared, stolen, or guessed and rely on shared secrets between the person wanting to log in and the website, app, or program where that person is wanting to log in. Currently there are 15 billion stolen credentials for sale on the dark web. Clearly passwords just aren’t cutting it anymore.
Newer authentication methods can be slightly more secure than this, but often not significantly. Out-of-band-voice authentication uses a phone call sent to a user’s known phone number, but phone calls can easily be intercepted and redirected and cell phones can be easily spoofed.
Security questions are often used to add an additional layer of security to multi-factor authentication, but again these are shared secrets that can easily be discovered – how often do you see people posting the results of strange quizzes trying to learn which member of a Disney movie they are?
Biometrics are pretty secure for now depending on your device, though photographs have been shown to fool some of the facial recognition software in use for this purpose.
Asymmetric cryptography uses certificate-based authentication instead of shared secrets. In practice, this means that authentication is based on things like IP address, device security posture, geolocation, and more.
Learn more about the future of authentication methods below.