Password inventor, at 87, says passwords are insecure

A recent Wall Street Journal interview with the individual who invented passwords, MIT researcher Fernando Corbató, reinforces the notion that passwords are weak and a source of frustration to users. With password breaches reported monthly it is time to rethink the types of authentication methods used by businesses, particularly financial institutions. In this blog post, Brett Beranek adds his thoughts about the security of passwords and alternatives that forward-thinking organizations are implementing.
By
Secured Data Transfer

I, along with many others, have written numerous times about the security weaknesses of passwords. However, when the MIT researcher that invented the computer passwords, Fernando Corbató, states that “Passwords are not a super high level of security, but are enough to protect against casual snooping” and that passwords were never design for use on the internet, you have to wonder why organizations such as banks are still using them. In a recent interview with the Wall Street Journal, Mr. Corbató states that passwords have become a nightmare with password breaches reported monthly and are a source of frustration to users, including himself. Coincidentally, the interview with Mr. Corbató was published on that same day that eBay reported yet another massive password breach, and recommended that its users around the world change their passwords. eBay then got a lot of heat for the complex password reset process… As a side note, if you want to buy all 145 million compromised eBay records, it will cost you 1.45 Bitcoin.

Last month I wrote about the Heartbleed security issue that once again reminded us that passwords are simply not secure. I could write a monthly blog exclusively about password breaches, but I don’t want to fatigue readers with the same story over and over again. The truth is that we’ve all become desensitized to password breaches. We consider it as a normal fact of life. Passwords get hacked. We get it. The banks have as well. Fraud losses cost banks approximately between 0.15% and 0.3% of their total annual revenue. This is considered a standard cost of doing business.

Fortunately, a few organizations are trailblazing a new path forward. While Fernando Corbató was explaining how passwords are meant to secure against casual snooping, and eBay was dealing with a catastrophic breach of all of its customer records, José Ignacio Zorrilla, Executive Director of Channels, Banco Santander Mexico, was sharing with attendees at the Opus Voice Biometrics Conference that 1.7 million of their retail banking customers were now using voice biometrics for authentication. Beth Gallagher, Vice President of Payments Innovations, U.S. Bank, was sharing how positively bank customers reacted to their voice biometrics pilot within the U.S. Bank mobile application.

These organizations join others such as telecom services providers T-Mobile, Vodafone and Turkcell as well as other banks such as Barclays Wealth & Investment Management, TD Waterhouse and Vanguard, in transitioning away from passwords, PINs and security questions and instead leveraging voice biometrics for authentication.

So, there is a better way. There’s no reason that we should consider monthly breaches of hundreds of millions of accounts to be “normal.” Shouldn’t we demand something better?

Sources:

Tags: ,

Brett Beranek

About Brett Beranek

Like you, CX and biometrics expert Brett Beranek – Senior Principal Solutions Marketing Manager, Enterprise – is fascinated by transformative technologies that have a real impact on our lives. With over a decade of experience in the customer experience and biometrics space, Brett brings strategic and tactical insights to organizations wishing to deliver a better experience to their customers via innovative technologies. Prior to joining Nuance, Brett a technologist and entrepreneur by education and passion, successfully introduced several disruptive technologies to the health-care, IT and security markets, including as a partner of facial recognition firm Viion Systems and member of Genetec’s management team, a security firm that transformed the video surveillance market. Brett also currently serves on the advisory board of high-tech healthcare startup GaitTronics. Brett earned a Bachelor of Commerce, Information Systems Major, from McGill University as well as an Executive Marketing certificate from Massachusetts Institute of Technology’s Sloan School of Management. Brett loves travelling the globe and discovering new cultures with his three kids, Layla, Rayan and Nora and his wife, Tania.