2015, according to the Chinese zodiac calendar, was the year of the sheep. In reality, though, it turned out to be the year of the hack.
T-Mobile. Scottrade. Ashley Madison. Even the U.S. Office of Personnel Management (OPM). All were victims of cyber hacking in 2015, and the personally identifiable information (PII) of millions was compromised. (The OPM breach is particularly disturbing, likely among the most damaging breaches to U.S. national security of all time.)
What makes these hacks concerning is the type of information the criminals are accessing. PII for sure, but also very sensitive and valuable information such as our bank accounts, credit card numbers, and – importantly – our passwords. With bank account numbers and corresponding passwords, the criminals can reward themselves handsomely for their labors.
As hackers continue their relentless attacks on our privacy, public demand for better security has never been higher. The criminals are using advanced technologies in order to exploit system vulnerabilities, and Americans are demanding that the trustees of our PII do the same.
As a result, billions of dollars are spent annually by government and commercial organizations to put in place new and innovative security firewalls, intrusion detection systems, encryption technologies, and ‘white hat’ services that are paid to use hacking techniques to expose network vulnerabilities.
Still, the data breaches continue with no end in sight. It seems that the higher we build our walls, the higher the criminals build their ladders.
Perhaps it’s time to re-think the problem. What if the information the criminals seek is suddenly made much less valuable to them? What if we could reduce the value of the passwords?
Biometric authentication is one such solution to this problem. Biometric authentication uses physical characteristics (our fingerprints, our voices, our faces, etc.) as either an add-on to or a replacement for traditional passwords. Would hackers be quite so persistent if they knew that the information they were stealing was useless without the owner’s unique biometric identifiers? Probably not.
Current authentication methods don’t provide the security that is actually needed. Passwords can be hacked and socially engineered from personal information that is readily shared on social media. PINs are not unique; the 20 most common combinations represent over 25% of in-use four-digit passwords.
Your physical characteristics, however, are yours and yours alone. Interesting.
2016 is, according to the same Chinese zodiac, the year of the monkey. Perhaps that’s fitting. In Part Two of this series, we will explore how biometric authentication might reduce some of the ‘monkey business’ that the hackers are engaging in.