With attackers becoming increasingly adept at cracking logins, what are good password alternatives to protect your account and increase network security?
What can be used instead of passwords?
- PIN codes
- Multi-Factor Authentication
- Physical Keys
- Facial Recognition
- Fingerprint Scans
- Iris Scans
- Voice Verification
What Are the Risks and Challenges of Using Passwords?
Passwords are the most common form of authentication still on the market today. And this fact makes a lot of sense. Passwords are easy to implement, low cost (on the front-end), and complementary to other authentication methods.
However, in many ways, passwords are an artifact of an older time in computing, one where users interacted with local or network machines on a much smaller scale. Modern technology, based on users engaging with dozens of accounts, is demonstrating some of the key weaknesses of password-based authentication.
Some of these fall into recognizable categories:
- Social Engineering: Phishing is one of the most prevalent forms of cyberattacks globally, counting on the fact that people will fall for official-looking communications. The success of these attacks also relies on the reality that passwords are completely compromised once given away, and it only takes a few minutes to lose control of an account or a system.
- Database Theft: Passwords need to be stored somewhere. That “somewhere” is usually a central database, one that has a huge target on it, depending on its owner. Once a database is breached, even hashed or encrypted passwords can eventually be cracked offline.
- Lack of Identity Proofing: Passwords are a form of authentication that cannot guarantee the user’s presence. This means that whoever has the password will be considered authentic no matter where they are. Identity proofing and assurance are impossible with passwords alone.
- User Experience and Bad Cyber Hygiene: One or two passwords are manageable. Dozens, perhaps a hundred, are not. To cope with juggling that many passwords, users often skip best password practices, like creating long, complex passphrases and using a unique phrase for every platform. This leaves them vulnerable to brute-force attacks and password spraying.
So, while passwords are common, and there are ways to make better use of them, they also have some fundamental flaws across security, usability, and flexibility for compliance.
What Are Alternatives to Passwords?
Unsurprisingly, enterprise businesses will often provide complete alternatives to single-password authentication systems. Replacing passwords as the only solution for authentication doesn’t just protect the end user, it protects the company as well.
Some of the more common forms of password alternatives include the following:
Personal Identification Numbers
Sometimes companies will call for a PIN alongside a password, essentially asking for two different forms of password-like identification. Typically, you won’t find an organization fully replacing passwords with PINs because, by and large, they serve the same purpose and introduce the same risks.
Multi-Factor Authentication
Multi-factor authentication uses two or more different forms of authentication. By calling for multiple forms of identity verification, the system can assure both that the user is who they say they are and that their credentials haven’t been stolen.
For MFA to work, however, the authentication process must include two or more different types of credentials:
- Knowledge: The user proves that they know something, like a password or PIN.
- Ownership: The user confirms that they own or hold something, like a mobile device or email account.
- Inherence: The user proves that they are someone through biometric evidence from their body or behavior.
By combining two or more of these categories, a system can reduce the risk of fraud or identity theft.
Some common forms of MFA, including the most common two-factor authentication systems, will use passwords in combination with one of the following items:
- One-time passwords: OTPs are generated by the system at the point of authentication and sent to a location that only the user should have access to (ownership). That location can be an email address, an SMS message, or a mobile authenticator app that generates the OTP locally on the user’s device.
- Biometrics: Several biometrics categories (see below) serve as verification of “inherence.”
- Geolocation: Some modern authentication methods will check a badge or mobile device for location and only allow authentication based on proximity to a physical space, like an office.
- Physical Keys: Physical authentication devices differ from OTPs in that they can provide additional security based on cryptography while still serving as proof of ownership. These work well in situations that require very close physical proximity to a device or security measure.
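The authenticator-app form of OTP described above, as an added example that is not part of the original post and not 1Kosmos code: a TOTP generator plus the server-side verifier (RFC 6238) with clock-drift tolerance, constant-time comparison and replay protection. The secret is the RFC test-vector value used as a constructed demo; `STEP_SECONDS`, `DIGITS` and the function names are assumptions.

```python
"""TOTP (RFC 6238) as an 'ownership' factor: an added, illustrative example,
not code from the original post or from 1Kosmos. The shared secret is the
RFC 6238 test-vector value, used here as a constructed demo secret."""
import hashlib
import hmac
import struct

# Constructed demo secret (raw bytes; authenticator apps usually show it base32-encoded).
DEMO_SECRET = b"12345678901234567890"
STEP_SECONDS = 30  # assumed time step; the common default
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation, then the low `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = STEP_SECONDS) -> str:
    """TOTP is HOTP with the counter derived from Unix time (at // step)."""
    return hotp(secret, at // step)


def verify_totp(secret: bytes, submitted: str, at: int, last_used_step: int,
                window: int = 1, step: int = STEP_SECONDS):
    """Server-side check of a submitted code. Returns (ok, step_to_record).
    - accepts codes from +/- `window` steps to tolerate clock drift
    - compares in constant time so timing does not leak digit matches
    - refuses any step at or before the last accepted one (replay protection)"""
    current = at // step
    for delta in range(-window, window + 1):
        candidate = current + delta
        if candidate <= last_used_step:
            continue  # already consumed (or older than one consumed): replay
        if hmac.compare_digest(hotp(secret, candidate), submitted):
            return True, candidate
    return False, last_used_step


if __name__ == "__main__":
    now = 59  # RFC 6238 test time; code "287082" is expected for SHA-1/6 digits
    code = totp(DEMO_SECRET, now)
    print(code, verify_totp(DEMO_SECRET, code, now, last_used_step=0))
    # Replaying the same code is rejected once its step has been recorded.
    print(verify_totp(DEMO_SECRET, code, now, last_used_step=1))
```

The verifier must persist the returned step per user; without that record, a code intercepted by phishing stays valid for the whole drift window.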
Biometrics
Biometrics are the most rapidly expanding form of authentication on the market, mainly due to the proliferation of devices that can collect biometric data quickly. Biometrics are also popular because they are tough to fake: while some biometric information can be spoofed, it’s much more difficult to do than, say, stealing a password.
Biometrics also short-circuit some of the weaker aspects of passwords, specifically that most biometrics require some sort of physical presence and reduce the threat of phishing attacks.
Some common forms of biometric authentication include the following:
- Fingerprint Scan: Many smartphones, tablets, and workstations include the option for fingerprint scanners. While not 100% unique across the entire human population over time, fingerprints are still remarkably useful alongside or as a replacement for passwords.
- Facial Recognition: Many modern devices, including camera-enabled computers, can perform facial scans, which are surprisingly unique when factoring in the size, shape and location of every piece involved (hair, eyes, nose, ears, mouth, etc.).
- Iris Scan: Like facial recognition, iris scans use camera-enabled devices to scan the shape and contours of the iris, a part of the body that is as unique as, if not more unique than, a fingerprint.
- Voice Verification: Voice analysis has historically been much easier to falsify than a facial scan. However, modern advancements in AI-based voice recognition have made voice verification a viable tool for MFA solutions.
Single Sign-On (SSO)
The challenges of multiple passwords across multiple apps and platforms are monumental. Approaches to managing the complexity of this situation have led to solutions like federated identity, a practice of using a central identity and an authentication manager to log in to multiple platforms. The central organization does not broadcast password information. Instead, external partner sites will send assurance requests to that provider, and when approved, allow the user to authenticate using that set of credentials.
This is a critical step in reducing the problem of weak passwords or password theft compromising multiple systems.
A smaller version of this, SSO, uses federated identity for authentication within a single domain. So, for example, while broad providers like Google can help authenticate against a wide range of apps, an SSO solution would do the same for all your accounts tied to your job (cloud apps, HR solutions, etc.).
Go Passwordless with 1Kosmos BlockID
While there are many alternatives to vanilla password authentication, one of the most effective approaches is simply removing passwords from the equation. A passwordless authentication system can use any combination of these alternatives to replace passwords, including critical features like liveness proofing, anti-spoofing measures, and compliant onboarding and password management in a secure environment.
This is 1Kosmos BlockID in a nutshell. With 1Kosmos, you get an identity management and authentication platform with the following features:
- Private and Permissioned Blockchain: 1Kosmos protects personally identifiable information in a private and permissioned blockchain and encrypts digital identities so that they are accessible only by the user. The distributed properties ensure that there are no databases to breach or honeypots for hackers to target.
- Identity Proofing: BlockID verifies identity anywhere, anytime and on any device with over 99% accuracy.
- Streamlined User Experience: 1Kosmos provides simple user onboarding and convenient access anywhere, anytime and on any device. The experience can be delivered via the BlockID app or integrated via our SDK into your custom app.
- Identity-Based Authentication: We push biometrics and authentication into a new “who you are” paradigm. BlockID uses biometrics to identify individuals, not devices, through credential triangulation and identity verification.
- Interoperability: BlockID can readily integrate with existing infrastructure through its 50+ out-of-the-box integrations or via API/SDK.
To learn more about password alternatives and passwordless authentication, watch our webinar on Digital Identity, Passwordless Authentication and a Path to Frictionless Zero-Trust Architecture. Also, sign up for the 1Kosmos newsletter for more information on products and services.