Passwords have long been a way to authenticate a user’s identity, proving that an individual has the right to access certain files or data. But sophisticated hackers and nation-states are getting better at cracking them, and some cyber security managed services providers are suggesting solutions that supplement or even bypass passwords.
Best practices — including developing complex passwords and not sharing them and utilizing training to avoid getting ensnared in “phishing” and other social engineering schemes aimed at getting users to divulge information or to click on malicious links — are still important. But it increasingly looks like the future of authentication may lie with innovative and advanced technologies that offer enhanced security and user convenience.
A biometric solution
One potential replacement is biometric authentication, which leverages unique physical or behavioral traits of individuals to verify their identity. Unlike passwords, which can be forgotten, stolen, or easily cracked, biometric data is inherently linked to an individual, making it a more secure and reliable method.
Facial recognition, for example, is already being used in a variety of settings, from unlocking smartphones to airport security. Advances in machine learning and computer vision mean that facial recognition systems have become increasingly accurate and capable of distinguishing between identical twins or even recognizing faces across different ages. The user-friendly nature of facial recognition makes it an appealing alternative to passwords, providing a seamless and intuitive authentication experience.
Emerging alternatives include fingerprint authentication, which offers a quick and convenient way to access devices or secure sensitive information, and behavioral biometrics, which analyze patterns of user behavior such as keystroke dynamics, mouse movements, or even the way individuals interact with touchscreens. These behavioral traits can be unique to each user and are difficult to replicate, adding an extra layer of security to the authentication process. Behavioral biometrics can adapt to changes in user behavior over time, making it a dynamic and responsive authentication method.
Microsoft’s Windows “Hello,” for example, lets employees use fingerprint, facial recognition, or iris recognition as an alternative method for unlocking a device. With Windows Hello, authentication is triggered when the employee provides their unique biometric identifier while accessing the device-specific Windows Hello credentials.
The Windows Hello authenticator can also authenticate and allow employees onto an enterprise network. Authentication does not roam among devices, is not shared with a server, and cannot easily be extracted from a device. If multiple employees share a device, each employee will use his or her own biometric data on the device.
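The device-bound model described above, as an added illustration that is not Microsoft's code and does not describe Windows Hello internals: a constructed biometric template (exact byte comparison stands in for a real fuzzy matcher) is matched locally and only gates a per-device Ed25519 signing key; the server stores the public key and checks a signature over a fresh nonce, so neither the biometric nor any roaming secret ever reaches it.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"errors"
)

// Device holds what never leaves the endpoint: the enrolled template (a constructed
// byte string standing in for a real biometric) and the device-bound private key.
type Device struct {
	template []byte
	priv     ed25519.PrivateKey
}

// Server keeps only the registered public key and the nonce it last issued.
type Server struct {
	pub   ed25519.PublicKey
	nonce []byte
}

// Enroll generates a key pair on the device and registers only the public half.
func Enroll(template []byte) (*Device, *Server, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Device{template: template, priv: priv}, &Server{pub: pub}, nil
}

// Challenge issues a fresh random nonce so a captured signature cannot be replayed.
func (s *Server) Challenge() ([]byte, error) {
	s.nonce = make([]byte, 32)
	_, err := rand.Read(s.nonce)
	return s.nonce, err
}

// Unlock matches the sample locally and, on success, signs the nonce; the biometric itself is never sent.
func (d *Device) Unlock(sample, nonce []byte) ([]byte, error) {
	if subtle.ConstantTimeCompare(sample, d.template) != 1 {
		return nil, errors.New("biometric mismatch: key stays locked")
	}
	return ed25519.Sign(d.priv, nonce), nil
}

// Verify accepts only a signature over the current nonce by the enrolled key.
func (s *Server) Verify(nonce, sig []byte) bool {
	return subtle.ConstantTimeCompare(nonce, s.nonce) == 1 && ed25519.Verify(s.pub, nonce, sig)
}
```

A second device enrolled by the same person gets its own key pair, which is why the credential does not roam: the server must register each device separately.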
Blockchain technology, perhaps best known for its use in Bitcoin transactions, also has the potential to transform authentication by providing a decentralized and tamper-resistant identification method. Blockchain enables the creation of secure and transparent digital identities, reducing the risk of identity theft and unauthorized access — and decentralized identity systems give users greater control over their personal information, allowing them to share only necessary details for authentication without exposing sensitive data.
Businesses that adopt biometric data and other identifiers may be able to reduce their risk of being successfully attacked by bad actors. They may also enhance customer loyalty, since consumers who are confident that their personal data is safe are more likely to share it. The increased interaction also means that merchants and other entrepreneurs will be able to learn more about their clients and how they can best be served.
A layered approach provides more security
Bio-based and other multifactor authentication methods can help secure sensitive data, but they are not standalone solutions. A comprehensive cyber security effort should also encompass such components as ongoing Security Incident Event Monitoring (SIEM), and a 24x7x365 Security Operations Center (SOC).
SIEM is a cyber security layer that collects and tracks information or data and serves as a warning that hackers or other cybercriminals are probing the user — enabling a cyber security partner to detect and respond to threats faster and more efficiently. Then a well-designed, scalable SOC service will integrate real-time automated monitoring with 24x7x365 human expert analysis of critical infrastructure device logs. Using industry best practices, SOC response teams initiate threat mitigation and remediation either remotely or on-site, providing managed detection and response (MDR) that proactively protects against ransomware and other threats.
When businesses pair cyber security best practices in hardware and software with security awareness training, employees can be more alert about avoiding phishing and other types of social engineering cyberattacks. And when personnel follow a company’s IT policies and best practices, adhering to applicable data privacy and compliance regulations, they will be in a better position to spot potential malware behaviors and report possible security threats.
Data is more valuable than ever. Consequently, the incidence of ransomware and other dangerous threats continues to multiply. Businesses that embrace appropriate security, learning, and other resources to defend themselves are less attractive to hackers — who typically want to make a quick incursion — and reduce the chance they will be victimized by digital criminals.
Carl Mazzanti is president of Mazzanti Technologies in Hoboken, New Jersey, providing IT consulting services for businesses ranging from home offices to multinational corporations.