Does the latest Twitter bug herald the end of passwords?
James Romer, chief security architect at SecureAuth + Core Security, says YES.
Passwords have been falling out of favour for years, and not just from a user perspective. In addition to the problems associated with password reuse for multiple sites and devices, the number of data breaches arising from weak or stolen passwords has jumped from 63 per cent to 81 per cent in the last three years.
Even though Twitter users’ details were not exposed to malicious actors in this instance, businesses would be irresponsible if they continued to rely solely on usernames and passwords. It’s time to look seriously at how they provide identity security. Ultimately, we need to ditch the password completely.
Twitter’s recommendation of activating two-factor authentication just isn’t enough. To provide robust identity security, organisations need to go further than just two-factor authentication.
Implementing adaptive authentication that combines techniques such as geographic location analysis, device recognition, IP address-based threat services, and phone fraud prevention will help tackle the threats at the identity level efficiently.
David Kennerley, threat research manager (EMEA & APAC) at Webroot, says NO.
The security industry is no stranger to hype, and we should be wary of rushing to consign passwords to the history books.
Biometrics like fingerprints and voice and facial recognition are increasingly being touted as go-to methods for securing devices and services. However, they are also a risk in themselves.
Hackers have successfully used face masks to access the new iPhone X, and fingerprints are suspected to have been stolen in a data breach involving smart vending machines, for example. If biometric data is stolen by hackers, there is no “security question” reset. It cannot be replaced or altered – it is part of you.
As such, the humble password should remain core to security – with augmentations. Authentication should be based around multiple factors – for example, a device that you have (such as a phone), something that only you know (your password), and a piece of biometric information.