Is Password Security Safe in Your Own Hands?

September 14, 2016

In 2016, news about stolen passwords, hacks and cyber security lapses is not hard to find. Every week it seems there is a new story of accounts being hacked through stolen passwords, but at the same time, every day countless people are creating new accounts on services that still require usernames and passwords. Why is that still the case?


Password fatigue

Well, at face value, and if used properly, passwords are not too bad a security measure. If the service uses proper encryption and the people signing up follow the right guidelines, creating unique complex passwords for every account, they can work quite well – if you can remember them all.

The problem is: we’ve been using passwords for decades now and people simply don’t follow best-practice guidelines anymore – if they ever did – and for perfectly understandable reasons. It’s become an almost impossible task – I scarcely remember what I had for breakfast, let alone the password I created for that service I last used six months ago.

And what’s more, there is a growing wealth of evidence that some of those so-called “right” guidelines we have to follow are doing more harm than good.

Safety guidelines?

Changing your password regularly is often recommended as good security practice. A lot of the time, no doubt, it is good practice. For example, if you have any suspicion that one of your passwords has been compromised, it’s imperative you change it immediately.

However, there is evidence out there that, when users are forced to do mandatory password changes every six months or something similar, it can lead to weaker security overall.

The problem with security is that it relies too much on the human element. It’s left to us to make our security as strong as possible. But when you make your security brilliantly strong by choosing some insanely complex and obscure password that has absolutely no connection to the service you are using, all too often, as you’re desperately attempting to log in for the fifteenth time, the only person your strong security practice has bested is yourself.

Having to change passwords regularly only exacerbates that problem. In fact, if people know the password is somewhat temporary, they tend to create weaker and more memorable passwords in the first place. Then, when it becomes time to change it, they simply create a new variation – changing a month that is used in it, or increasing a number or the year in it, or maybe just changing one letter.

One study showed that on a system that required regular password changes, when the hackers had cracked one older password, they were able to guess the new password after fewer than five attempts in 15 percent of cases.
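The variation habits described above (a changed month, a bumped number or year, a single altered letter) can be caught at the moment a user changes their password. The following is an added example, not code from this article or from BioStore: it assumes the check runs in the change-password form, where the user types both the old and the new password, and the function names are hypothetical.

```python
import re
from typing import Optional

# Longer names first so "september" wins over "sep".
MONTH_RE = re.compile(
    r"january|february|march|april|june|july|august|september|october|"
    r"november|december|sept|jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec")
DIGITS_RE = re.compile(r"\d+")


def skeleton(password: str) -> str:
    """Collapse the parts users tend to rotate: month names and digit runs."""
    s = MONTH_RE.sub("<M>", password.lower())
    return DIGITS_RE.sub("<N>", s)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def variation_reason(old: str, new: str) -> Optional[str]:
    """Return why `new` is a trivial variation of `old`, or None if it is not."""
    o, n = old.lower(), new.lower()
    if o == n:
        return "same password, ignoring case"
    if skeleton(o) == skeleton(n):
        return "only a month, number or year changed"
    if edit_distance(o, n) <= 1:
        return "only one character changed"
    return None


if __name__ == "__main__":
    # Constructed sample pairs (old, new), not taken from any real system.
    for old, new in [("Summer2016!", "Summer2017!"), ("March2016pw", "June2016pw"),
                     ("Tiger!horse", "Tiger!house"), ("Summer2016!", "v9#Lq-rTz0w")]:
        print(f"{old!r} -> {new!r}: {variation_reason(old, new) or 'accepted'}")
```

The month match is a plain substring heuristic, so a word such as "decide" is treated as containing "dec"; that errs on the side of rejecting a change rather than accepting a weak one.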

Solution ‘at hand’

Passwords are not inherently bad; they did a good job for a little while. But they have had to adapt and change too much to be convenient anymore. They rely too much on a human element to be practical and secure. Left in the hands of the users, they are simply not safe anymore.

But it is in people’s hands, quite literally (and I do actually mean literally), that we believe the best and easiest-to-implement security alternative resides. Fingerprint biometrics provide more security and convenience than passwords ever did.

In the form of fingerprint recognition technology, such as we use here at BioStore, both improved security and greater convenience are provided. The security of the systems is no longer dependent on the user’s ability to come up with unique and different ‘tokens’. Instead, they use the unique and secure token they have ‘on hand’ at all times.

A fingerprint can’t be stolen or phished for in the same way passwords can. And users can’t ever forget or lose them. Biometrics rely on a human element, but in a completely different way to passwords. They rely on it in a way that creates strong, secure and easy-to-use solutions that are now far better than password alternatives. The solution really is “at hand”.

FTC: Time to rethink mandatory password changes

BioStore Multi-factor authentication
