The latest in a long line of hacker attacks to hit Sony — this time on Sony Pictures — not only took out the company’s computer network, but also exposed sensitive company information.
Along with sales reports, employee salaries and syndication agreements, the hackers also found — and released — a log of employee usernames and passwords, many of which were revealed to be extremely weak. The attack also uncovered the company’s self-destructive practice of insecurely documenting passwords.
Digital security is an ongoing issue for businesses and consumers alike. Recent phone hacking incidents involving email, eBay accounts and even nude celebrity selfies have exposed the risk of storing private information in the cloud and on mobile devices. Breaches like these leave everyday users vulnerable to identity theft, fraud and invasion of privacy.
While passwords are not the only piece of the security puzzle, they are the first line of defense in protecting both consumers and businesses. Poor password practices include the use of weak passwords, the reuse of passwords across multiple accounts, and the storage of passwords on digital devices.
When we mindlessly enter the same password for every account — from online banking, to office applications, to social media accounts — we make it too easy for hackers to steal our information, money and identity.
It’s true that most high-profile security breaches occur on the back end, but innovative security solutions that address at least part of the security problem are emerging — especially in the mobile payments space.
Passwords get physical
It may be that it no longer makes sense for passwords to be something you set, something that can be stolen. Passwords need to be something you are, something that’s harder to copy — or hack.
The move toward biological authentication is not new, but it is rapidly gaining traction. When Apple introduced its Touch ID fingerprint scanner in the iPhone 5S, the password landscape shifted, though the technology was far from new. Using biology as a password presented — for the most part — a win-win combination of speed and security (despite a few initial glitches).
With this biological authentication already in place, the stage was perfectly set for Apple’s iPhone 6 launch in September, with its accompanying digital payment system. Apple Pay allows users to buy products in-store and online using their phones. But to be successful, it needs two things: security beyond a traditional password, and a frictionless experience for both consumers and merchants.
While Touch ID may be the most well-known example of thumbprint authentication, it’s certainly not the only one. In the U.K., MasterCard recently announced its first thumbprint biometric card, which replaces the need to enter a PIN for purchases over 20 pounds. Users simply place their thumb over a special reader contained within the card. These cards are built on the success of existing NFC-enabled contactless payment cards and are just one of many examples in which contactless chip-based payments are being paired with biological authenticators.
Identity authentication takes a new vein
Fingerprint scanning is also paving the way for more advanced biometric authenticators. Some financial institutions are now looking beyond a consumer’s digits, all the way into their veins in order to confirm their identity.
Recently, Barclays Bank introduced “finger-vein ID” readers that will allow customers to do away with PINs, passwords and authentication codes altogether, allowing them instead to access their bank accounts using an infrared scan of their unique vein pattern.
Canadian wearables company Bionym takes security one step further by using the biological data gathered from fitness devices as a form of identification. Bionym recently partnered with MasterCard to launch a wearable authentication pilot program, allowing Nymi wristband wearers to make contactless payments using an NFC chip in their band. The clincher? Authentication is determined by the wearer’s heartbeat, which must match that of the cardholder. The device will essentially allow runners to leave their wallets at home and pay for a Gatorade-on-the-go with a tap of their wrist and a beat of their heart.
The Nymi band and finger vein scanning may become viable alternatives to first-generation biological authentication technologies like Touch ID, but they are likely to be just the tip of the iceberg when it comes to body-based passwords, especially as consumers move toward using mobile devices and/or wearables for all of their day-to-day tasks, including making purchases.
The future of passwords may look a lot like a sci-fi movie, but one thing is certain about these new forms of authentication: the shift toward physical passwords will be essential to new technologies that require seamless and secure identity verification.
That’s not to say this new generation of passwords will be immune to breaches. Recent hacks of Touch ID on iPhone 6 demonstrate that security threats are inevitable and any kind of password becomes vulnerable when the stakes are high enough. The hope is that the more granular and individualized body-based passwords get, the more resilient to security breaches they become.
What this means in the short term is that the days of relying on conventional passwords like “sportslover123” to stand between our data and a hacker are numbered. For companies and individuals facing the high costs of bad password practices, this future can’t come fast enough.
Michael Gokturk (@MichaelGokturk) writes on payments innovation and is the CEO/founder of Payfirma, a cloud-based platform that lets merchants process payments made online, in-store and via mobile device.