18.05.2020 Article in Security Insider by Stephan Schweizer
The concept of the password goes back a long way – even Ali Baba gained unauthorized access to the cave of the thieves with the magic words “Open Sesame!”. This article describes the development of the password from then to now, explains why passwords are outdated and takes a look at the password-free future with biometric alternatives.
“Open Sesame!” – these magic words gave Ali Baba access to the thieves’ treasure trove and are an original form of the password. In ancient Rome, in the magical world of Harry Potter, in the military and in numerous fairy tales and films, magic words and formulas are also used for access control. The concept of the password therefore did not first emerge in the course of digitalization, although it has since grown in importance and become an integral part of the everyday life of Internet users. Today’s treasure troves to be protected include online accounts, e-mail inboxes, social media profiles, cloud storage and online shop applications. The treasuries contain not only material things, but also sensitive personal information, images and memories. The more content Internet users share with online applications, the more important it is to protect the digital treasure troves.
The rise and fall of passwords
In contrast to antiquity or the early Middle Ages, today everyone has a multitude of treasure chambers that need to be secured. The magic words are “12345”, “hello”, “password” or “f3gh4mnl7op!1e”. Welcome to the age of 1001 passwords. There is a dichotomy between security and user-friendliness, because easily remembered passwords are also easy to guess. However, passwords that are used multiple times are not a good solution either, and invite the thieves of modern times, also known as hackers, into other people’s treasure troves.
After all, the thieves have also perfected their methods, although the approach then and now is similar. Back then, hundreds of years ago, attackers relied mainly on guessing passwords, i.e. brute force attacks of the simple kind, or on the weaknesses of the victims, i.e. social engineering attacks. Both methods still have a high success rate today. Social engineering attacks range from phishing to CEO fraud and are the most popular attack method used by hackers with the aim of stealing passwords. Brute force attacks are based on the trial and error principle and can be carried out, for example, as a dictionary attack with the help of a password list. Other popular methods are SQL injections and keylogging.
When the first hacker attacks took place in the 1980s, it was not yet foreseeable that cyber security and cybercrime would become the basis of a billion-dollar business only a few years later. In 2018 alone, German companies for the first time spent 4.1 billion euros on hardware, software and services in the IT security sector. And in view of the rising number of cyber attacks worldwide, the trend is still upwards. But private individuals are also affected: in 2018, 19 million people in Germany became victims of cybercrime.
Biometrics – the magic formula of the future
The good news is that not only hackers are becoming more sophisticated, but also the methods of cyber defence. One of these is biometric authentication, which is already being used regularly by many users, for example when unlocking mobile devices or notebooks using fingerprints or face recognition. This type of authentication combines the highest security standards with user-friendliness, because the obligatory forgetting and resetting of passwords is now history.
Biometrics is also a decisive factor during an online session, because the risk of a cyber attack is always present. With a customer identity and access management (CIAM) solution, continuous behaviour analytics is possible thanks to an integrated machine learning process. Personal metric data such as keystrokes, typing speed, touch screen pressure and swiping behaviour are recorded and compared with the user profile, which is created precisely after a few sessions. In this way, the user can be automatically authenticated at any point in the online session without disruptive interruptions.
Biometrics is therefore a decisive factor in the IT security of the future, as biometric features cannot be forgotten, stolen or passed on. Ideally, internet users will have a digital identity based on biometric features that they can use to authenticate themselves in all services and applications and that they can also use for access controls on company premises, airport controls or payment transactions.
Thanks to biometric authentication, magic and passwords like “Open Sesame!” could soon be history. And even if Ali Baba’s tale might have been less exciting under the circumstances, since Ali Baba would already have failed at the rock gate of the treasury or, at the latest, would have been convicted of unauthorized access in the cave of the thieves, a password-free future is inevitable. After all, 1001 passwords are too many for any good memory artist.