Security vs. Convenience
By Ken Showers, Managing Editor
Updated 1:59 PM CDT, Wed August 10, 2022
I’ve spent a lot of time recently thinking about passwords. I mean, who doesn’t do that these days? Using a new streaming service? Password. Changing financial institutions? Password. Starting a new job? Probably a dozen new passwords.
In a recent blog I discussed just how prevalent the data breach has become in our daily lives and how much is affected by it. It reveals our security vulnerabilities all the way down to our habits. That kind of problem isn’t targeted at any group and affects the average Joe all the way up through C-Suite executives. Passwords are a problem, and we have way too many of them.
Talking with my best friend in the tech field, he complains that there’s a huge correlation between security and inconvenience. You will likely have noticed that passwords require more complexity as the years go by, now requiring additional different cases for letters, numbers, and symbol requirements. This may protect users from common phishing attempts on amateur passwords that reflect birthdays, or anniversaries and other password pitfalls, but it doesn’t do a lot to further security beyond that. Well, besides keep IT busy all day long resetting people’s passwords.
While more complex passwords have become the norm, they are just as vulnerable, if not more so, to a hacker’s brute-forcing passwords. Complex password requirements narrow the field of possible permutations, making it faster to decipher. Complex passwords also see users gravitate towards reusing passwords for multiple applications. That’s another big security no-no.
Hey, what if I told you longer passwords can be less complex and still be more secure than shorter complex passwords ever could? Making passwords even longer could solve the brute-forcing problem, so who’s in favor of adding several more characters to existing passwords!
What? No volunteers?
Now it's secure and users can just take that password and put it on a sticky note and…Oh right. I guess it’s the chicken and the egg with that scenario. There might be a happy medium, however. Biometrics are becoming a huge part of the security industry. They have applications to any number of access systems from banking, data, and even motor vehicles. With fingerprints, or face and retina scans, users can get swift and secure access to their content without needing a cumbersome number of passwords of varying complexity. It’s the security equivalent of bundling cable into one convenient package.
Sales projections guarantee that biometric access will be a major part of security in the future, if not the face of it. The question will be if users would be willing to submit to that level of security and privacy loss for the sake of ease of use. Even if they are, how long until bad actors can easily spoof fingerprints, retinas, and facial scans?
Popular doorbell camera company Ring recently failed to have a legal case dismissed based on its cameras recording facial data for people passing by. In 2019 a data breach exposed the biometric data of millions of people, and while you can change a password, you can’t change your face or your fingerprint. Thankfully, two-factor authentication can add a layer of protection to keep users safe, but it can’t return users’ biometric data to anonymity.
The future is here, and the genie won’t go back into the bottle.
Comments