People can crack passwords, but not the fingerprint

In security terms, the humble password became redundant years ago. So why, asks Aaran Fronda, has it taken so long for the biometric alternative to reach the masses?

 
Feature image
Better late than never: it's taken a long time but biometric technology is finally here to replace the feeble password

This autumn, MasterCard will launch an amazing new app that will finally allow customers to approve online payments using facial or fingerprint recognition. This is great news, as biometrics are the next logical step in the never-ending battle to protect people’s data from hackers and other nefarious individuals who want to get their hands on personal information.

In an interview with CNN Money, Ajay Bhalla, MasterCard’s Chief Product Security Officer, explained that the motive for transitioning to biometric verification was partly that “passwords are a pain”. He is right of course, but, more importantly, they are also pretty useless. One need only look at the recent slew of celebrities that have had their phones hacked and their most intimate images leaked online to realise this.

One of the most common misconceptions about hacking is that it is carried out by computer geniuses who use advanced techniques to crack passwords

Candy from a baby
But it isn’t just celebrities that fall prey to hackers. Big business has been stung a number of times. One of the biggest recent hacks, in both scope and severity, was when Sony’s PlayStation Network was broken into and millions of customer accounts were compromised. Bank details were stolen, giving Sony a massive PR headache to say the least.

One of the most common misconceptions about hacking is that it is carried out by computer geniuses who use advanced techniques to crack passwords like a bank robber attempting to break into a vault. The reality, however, is far less impressive, and not only proves that a degree in computer science is not at all necessary to earn the title of hacker nowadays, but also that passwords are simply no longer fit for purpose.

One of the simplest ways around a password is the security question or, more precisely, the simplicity of the answer to it. Websites often ask questions designed to be mundane enough for the individual to remember them, but personal enough that a would-be hacker could never figure them out. Questions like ‘who was your favourite teacher?’ or ‘what is your mother’s maiden name?’ are very common.

On the surface, answers to such questions appear impossible for many friends, let alone strangers, to ascertain. However, thanks to the trend for putting all of one’s personal information online via social media platforms, many of the responses to these generic lines of questioning are just a click away.

“This is part of a too-often overlooked part of hacking, known as social engineering”, explained technology writer Ben Branstetter in an article for The Kernel. “And it’s not just your passwords that are at risk. In 2011, security firm Bancsec showed how, with little more than an email and a phone call, you could rob a bank of $25,000 with no one the wiser. So, with just a little bit of Googling and an understanding of human nature, you, too, can be a master hacker.”

A better way
Biometrics, however, are a very different matter, and render amateur hacking techniques useless, leaving personal data far less vulnerable. The simple reason for this is that biometrics identify an individual based on unique physiological characteristics, such as fingerprints or retina images. Even the way someone talks can be analysed to accurately verify their identity.

Due to the uniqueness of biometrics (two people sharing the same biometric data is practically impossible) along with the fact that the data cannot be shared or copied, biometric security is the logical solution for securing information in the digital age. But, if it is the natural successor to the password, why has it taken so long to get to consumers?

While biometric technology has been around for a long time, it has taken a little longer for the makers of many consumer products to adopt it. Nowadays, most people who purchase a laptop or smartphone will notice that it comes with fingerprint recognition technology as standard. This is part of a much bigger trend within the tech sector, which is the result of far cheaper sensors and increased demand from the financial services industry.

It is a shame it has taken so long for the technology to reach the mainstream, because it would have helped millions of people avoid the loss of data and money. But, as the old adage goes, it’s better late than never.