Heartbleed, the most recent internet security breach, has exposed millions to the possibility of compromised data. Hackers continue to find ways to get hold of traditional passwords, allowing them access to various personal accounts. The current resolution is for individuals to change their passwords, but this is not a long-term solution. Brett Beranek explores alternatives to passwords that can reduce the likelihood and impact of a data breach.
Last week, internet security once again bubbled to the forefront of the news in the form of the now infamous Heartbleed, the latest internet security issue that rendered passwords and other confidential information vulnerable to the prying eyes of the malicious hacker. Already, law enforcement has started cracking down on hackers who have leveraged this security vulnerability. This week, a 19-year-old computer science student has been charged with swiping tax data on over 900 citizens. If you use Facebook, have a Gmail account, stream TV and movies from Netflix, or view videos on YouTube, your password(s) may have been compromised (see list of popular sites that are vulnerable).
Internet security experts are urging consumers to change all of their internet passwords – so have you? Ask your friends if they’ve changed their passwords following the Heartbleed scare. Despite the seriousness of threats like Heartbleed, it seems that sometimes we just can’t be bothered to do anything about it. We’ve simply become numb to internet security breaches. They happen so often that most of us simply shrug our shoulders when they occur and move on with our lives, without realizing the full extent of the risk.
Of course, deep down we know that our laissez-faire attitude is not the right approach. So let’s face the ugly fact – our society has an addiction to passwords. Change our password? What’s the point? The new password will still be vulnerable.
I’m not a person who typically places bets, but there is one thing that I know for certain, and I am willing to bet on it. There will be another major internet breach this year where passwords and other confidential data are compromised. The only question is when and at what scale. Will the breach be catastrophic, or simply devastating? Last year was described as “an epic year for data breaches” with over 800 million records compromised, with the largest breach at Adobe, where 152 million user names and passwords were stolen. Since most of us use the same password for all, or most, of our internet accounts, a breach of one of our passwords provides hackers with access to accounts that can be very damaging, notably our bank account. So the threat is very real, and if the past is any indication of the future, we will continue to see these security breaches and one day, each and every one of us will be affected by this recurring security nightmare. This means one thing: changing your password is not a long-term solution.
So what are we going to do about it? We need an alternative. The alternative needs to be more secure, yes, but most importantly needs to be easier and more convenient if we are to adopt it. This is where biometric technologies offer a solution. Read this string of comments about voice biometrics by Vanguard customers posted on the Bogleheads investor forum. When biometrics is done right, consumers naturally gravitate to it because it’s quicker, easier and less frustrating than passwords.
Would biometrics have prevented Heartbleed? The answer is no. Heartbleed would have occurred regardless of the way we authenticate on the web. However, the impacts of Heartbleed would have been significantly diminished. Once your password is compromised, you’re toast. Bill Paxton’s eloquent quote in the hit sci-fi movie Aliens comes to mind, “Game Over Man, Game over!” With voice biometrics, the worst case scenario is that a data breach would allow a hacker access to a voiceprint to make a recording. Fortunately, voice biometrics offers an array of technologies to detect recordings, so the hacker would most likely get caught attempting to compromise that specific account, making the hacker unsuccessful. The types of massive breaches that we are continually seeing with passwords are not possible, and even the risk of a point attack on a single account is significantly reduced with voice biometrics.
I, for one, am looking forward to seeing more organizations deploy alternatives to passwords. Do you agree that it’s long overdue?