For many people, online security is an afterthought. We handle important things such as banking, credit cards and certain health related tasks online using a single, common password. Well, the common password issue is a significant problem with a sordid past, most recently chronicled in this InfoWorld article by Roger Grimes.
But is it really necessary to use a different password for every online account? The simple answer is yes, if you want to truly be secure online. But, many websites are helping the consumer manage this more easily by using a method known as strong authentication. If you currently do online banking with Bank of America or ING, you have already experienced strong authentication in action. For those of you who haven’t, strong authentication is really a simple concept. Essentially, strong authentication is the process in which you prove who you are when you log into a site. You may be asking, “well isn’t that what a password is for?” A password by itself is a weak form of authentication. Strong authentication adds in another layer of proof, usually by combining something you know, like a password, with something you have, like a separate PIN number or a fingerprint. For ING customers, you complete multiple steps by entering in your account number or ID, answer a couple personal questions, confirm a preset picture and caption are correct, and then provide a Personal Identification Number (PIN). The personal questions and the image and caption combination are added security steps that make it strong authentication.
The ING example may seem like a daunting process if it is required for every website that you log into, however, many new technologies are emerging to simplify the strong authentication process. So what technologies are on the horizon to help with strong authentication?
Imagine one day you log in to your bank account online, and after entering in your username, you are asked for your fingerprint or a picture is taken of your face. Although this seems very James Bond, it is already happening today. This technology is known as biometrics, and it measures a physical or audible characteristic to determine the identity of a person. “Using your fingerprint or facial features to confirm your identity is a significant step forward in consumer identity security,” said Jim Fulton, vice president of DigitalPersona. “No two fingerprints are the same, providing you strong authentication when accessing your accounts.”
In Poland, people can withdraw money from an ATM using their fingerprint. Biometric solutions are also already available to businesses and consumers on their computers to help manage logins and passwords. Many laptops now come with built-in fingerprint readers and cameras making the technology available to you without having to go buy add-on parts.
Using your fingerprint to manage passwords means you can make them longer and more complex. Combine your new long, complex password with something like your fingerprint or facial features, and you have strong authentication. Taking the time to secure your digital transactions means you will be less likely to have your personal information stolen. So take the first step and begin using different passwords for each account. Then, request that your online banking, medical and other service providers adopt strong authentication methods to secure access to your accounts.