Will Passwords Soon be a Thing of the Past?

In the first post of the series ‘The Future of Access Control’, we talk about why it is time to move on from password protection to biometric authentication.

Passwords have long been the default method for protecting our digital assets, from bank accounts to social media. The professional world has also become reliant on the use of passwords to protect access to secure networks, devices, and sensitive data. Yet, as the cyber threat landscape evolves, the password is no longer fit for purpose. At present, 61% of corporate cyber breaches can be attributed to password theft [1]. Instead, organisations should be making the move to more effective approaches, such as biometric authentication.

The Current Face of Online Fraud

With the rise of cloud computing, the modern cyber-criminal has plenty of tools at their disposal. By harnessing the incredible processing power of the cloud, hackers can utilise bots to generate a staggering 100 billion password combinations per second [2]. This means that even a strong 8-character password may be broken in as little as twelve minutes, leaving an organisation’s network breached and sensitive data at risk. Those who deal with cryptocurrency have also fallen victim to fraud, due to the insufficient protection yielded by passwords. Already this year, blockchain bridge Wormhole was defrauded of $320 million in Ethereum cryptocurrency, which was accessed by “hot wallets” such as internet-connected laptops or smartphones [3]. Businesses must also be vigilant against theft committed in person. The technology needed to clone traditional RFID cards has already been available for more than a decade.

Serious Legal Consequences

With online networks and physical premises at risk from cyber-crime, the onus is on organisations to adequately protect themselves from a data breach. Such a breach is not only disastrous for a company’s reputation: under legislation brought in by the EU’s General Data Protection Regulation (GDPR) in 2018, the ICO (Information Commissioner’s Office) has the power to issue hefty fines to organisations which have had data stolen. These fines are currently set at up to €20 million or 4% of annual turnover, whichever amount is the greater. The high financial cost of suffering a data breach is expected to act as a motivation for organisations to install more robust security protocols.

Biometric Authentication Holds the Key

Given the issues with passwords and legacy RFID cards, companies are now looking for new ways to ensure the security of their networks, devices and premises. A highly effective solution exists in the form of fingerprint sensor technologies. By issuing employees with an ID access card with integrated biometric authentication technology, organisations can successfully protect themselves from the threat of fraudulent access. With a biometric card, passwords are made redundant, with the fingerprint acting as an unforgeable token for authorising access to workplace buildings or online networks. This has the added advantage of protecting networks in the event that employee devices such as laptops are lost or stolen.

It’s time to recognise the limitations of passwords, and biometrics offers the opportunity to embrace new technology to provide secure access and greater convenience. As cyber criminals look for new weaknesses to exploit, biometrics provides a robust defence both now and in the future.



[1] https://duo.com/blog/identity-fraud-rises-61-percent-of-breaches-caused-by-stolen-credentials
[2] https://theconversation.com/a-computer-can-guess-more-than-100-000-000-000-passwords-per-second-still-think-yours-is-secure-144418

[3] Source text from Idex