Staying safe on the internet has grown harder over the past few years as both technology and hackers have advanced. Recently, though, hackers have been gaining an edge by manipulating not just the technology but the users themselves. In 2018, weak or stolen passwords were tied to over 80% of security breaches, and in 2019 there were over 150,000 security incidents and nearly 4,000 confirmed data breaches. In 2020 alone, more than 15 billion stolen credentials were up for sale on the dark web. All of this data shows that our current way of protecting data is flawed, but creating a new way to protect it that maintains both security and convenience is a high bar to clear.
But passwords are not the only way to log in: other authentication methods have been created and are in use right now. Passwords and security questions are a weak form of protection because they rely on a shared secret between the user and the service provider. This often makes the user responsible for remembering and protecting multiple passwords, and answers to security questions can commonly be found on a user's social media. Out-of-band voice authentication confirms identity by calling a registered phone number, but it is easily bypassed because voice calls are easily intercepted and redirected, and it also requires users to have a second device and be available to answer a call. Time-based, one-time codes are one of the more secure authentication techniques because they expire after a short period of time, giving hackers a smaller window of opportunity, but they are still vulnerable to SIM hijacking, malware, and push notification flooding attacks. Biometrics are some of the hardest authentication factors to fake, but technology that uses them suffers from false positives. Biometrics do remove the password that users need to remember, but they are only secure if the biometric data is stored locally, and if that data is leaked, people can't simply change their fingerprint or face, which makes it highly sought after.