Moving beyond passwords and 2FA


Since the beginning of IT, the humble combination of a username and password has secured our access to information. In today’s digital world this model is still the norm for both consumers and employees logging in to websites, applications, VPNs and cloud services. But it’s time for an urgent rethink because the model is broken.

Contrary to popular belief, the problem isn’t really hackers using brute-force attacks to crack passwords, although this does happen. The real issue is the number and frequency of data breaches where user credentials are leaked and then made available for sale on the dark web. In fact, according to Verizon’s latest breach report, 80% of hacks today aren’t really hacks but bad actors simply logging in with valid user credentials they’ve obtained elsewhere.

It doesn’t matter how well we secure the pipes with strong encryption or how effective a Security Operations Centre (SOC) is: if someone can easily obtain credentials and log in ‘legitimately’, our best efforts have gone to waste. Passwords are also the root cause of a terrible and stressful user experience, which might go some way to explaining why younger generations appear to have given up on applying them properly.

About the author

Ben Todd is Head of Worldwide Sales at Nomidio 

Password habits are getting worse, not better

You might imagine that digital natives, those younger generations born into a connected world, are more able to protect themselves online. Unfortunately, new research we commissioned confirms that younger generations have significantly riskier password habits than their parents, with 24% of those aged between 24 and 38 (Millennials) using the same password for all their accounts, compared to just 2% of baby boomers.

With 14% of younger generations reporting they have never changed their password, it’s easy to see how the bad guys can use credentials stolen from one place to log in somewhere else. Perhaps worse still, it is now common for young people (62%) to voluntarily share credentials for services like Netflix with friends and family, perhaps sending them using unencrypted email or messaging accounts.

The purpose of this research isn’t to bash the young but rather to highlight that the way we ask people to authenticate today is too cumbersome for users and is in fact the root cause of the booming identity theft industry. It is telling that analysts from Gartner said in a recent report “Data breaches of personally identifiable information (PII) are rendering checking of static identity data (usernames and passwords) obsolete”.

2FA to the rescue?

The logical response over the last few years has been to layer additional ‘factors’ on top of the password. By asking people to validate their identity based on ‘something they have’, by entering a one-time passcode sent to their mobile phone or email, we can make life much harder for hackers.

Two-factor authentication or ‘2FA’ has grown in popularity and is now an integral aspect of the Strong Customer Authentication requirements for e-Commerce payments. The majority of large companies also ask employees to use 2FA when logging in.

Unfortunately this makes a poor experience even worse as it really doesn’t make sense for someone’s identity to be tied to their device. What happens if you’re trying to log in to a work application to make a deadline while you’re out on the road and your phone runs out of battery? Or you use an authenticator app and then you lose your phone? Perhaps this is why only 25% of respondents to our survey said they regularly enable 2FA when it’s an option.

There are also question marks about how much longer 2FA will hamper the bad guys, with a number of recent phishing attacks evolving to trick users into voluntarily disabling their 2FA protection. The problems with identity require root and branch reform; 2FA is a nice try but we need to be far more ambitious.

Is Multi-Factor biometrics the answer?

A multi-factor authentication approach based on biometrics has the potential to deliver a step-change in security and the user’s experience. In a world where employees are logging on across public networks, from anywhere, we can no longer offer them a ‘perimeter’. Instead we must invest in modern authentication that helps users to securely and easily access services whenever and wherever they want.

Rather than asking users to remember a password we store their biometric identifiers, a voice and face print, so we can authenticate against those across any device they’re logging in from. We combine the biometric check with additional ‘silent’ factors that increase security still further. So from a user’s perspective all they need to do is present their face and they’re in.   

With underlying protocols like OpenID Connect, providers of websites, applications or cloud services can easily allow an identity provider to add biometric authentication on top of their systems. For the user this makes their biometric identity widely interoperable, and behind the scenes it works in exactly the same way as logging in with Facebook or Google.
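
An added example, not code from this article or from any product it describes: a relying party checking an OpenID Connect ID token and refusing the login unless the "amr" claim records a biometric method. The HS256 shared secret, the issuer and client names, and the use of the RFC 8176 "amr" values "face" and "vbm" to report the method are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

BIOMETRIC_AMR = {"face", "vbm"}  # RFC 8176: facial recognition, voice biometric

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def sign_demo_token(claims, secret):
    """Constructed stand-in for the identity provider: issue an HS256 ID token."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def verify_id_token(token, secret, issuer, client_id, nonce, now):
    """Return the claims only if the token is valid AND shows a biometric login."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(_b64d(head))
        claims = json.loads(_b64d(body))
        given = _b64d(sig)
    except (ValueError, TypeError):
        raise ValueError("malformed token")
    if header.get("alg") != "HS256":  # pin the algorithm; never accept "none"
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(given, expected):
        raise ValueError("bad signature")
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    if not hmac.compare_digest(str(claims.get("nonce", "")), nonce):
        raise ValueError("nonce mismatch")  # binds the token to this login attempt
    if not BIOMETRIC_AMR & set(claims.get("amr", [])):
        raise ValueError("no biometric factor in amr")  # password-only login
    return claims
```

The final check is the one specific to this scenario: a correctly signed token from the right issuer is still rejected if the identity provider only saw a password.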

With a well-engineered biometric authentication service we can also decouple someone’s identity from their device. We often describe this as ‘the Netflix effect’: because the biometric checking happens in the cloud rather than locally on a device, a user can move between their laptop, phone or a third-party device and still log on using their face.

People have understood biometrics hold the answer to more secure authentication for a number of years but it’s been hard for all but the largest companies to deploy the technology. But the economics and complexity are improving and we believe we’re a great example.

If we’re serious about tackling identity theft and data breaches then we must transition away from usernames and passwords because they’re the reason that people need to store their personally identifiable information with lots of organisations. It’s that personal information that’s lost and which is then used to perpetrate more hacks.


02 Nov 2020


