Is It Time to Ditch Passwords Once and for All?
April 28, 2021
Speed and security have become of paramount importance for any business dealing with customer data. Customers want to be able to access their accounts and services as soon as possible, but they expect their information to remain safe and secure from criminals.
This substantiates the argument for multi-factor authentication and negates the security of the opposite. Passwords are still an authentication method of choice for some businesses, but the time has come to ditch them once and for all.
Below is a list of all the topics we will cover in this article. Go ahead and click on any of these links, and you’ll be taken to that specific section.
The End of the Password
How many times have you tried logging in to an online account only to be faced with: ‘your password is incorrect’, or ‘please reset your password’. Many people avoid this by reusing the same password for a number of online accounts; according to a recent report, 61% of people use the same or similar password across different accounts, despite knowing it’s not secure.
The main reason for this is the sheer number of accounts people own these days. In the Acuant annual identity survey, 91% of respondents had opened an online account in the last 12 months. So, unless you keep a record of every password for your hundreds of accounts (which, of course, you shouldn’t) it’s nigh on impossible to remember a unique password for each account.
Coupled with the above reasons, the very nature of passwords makes them easy to hack for fraudsters; if a criminal is able to crack a password once, they’ll typically gain access to other online accounts that use the same, or similar passwords.
There are many ways criminals can leverage technology to gain access to people’s passwords – it only takes seconds for hacking software to test thousands of credentials against popular retail sites and online banks – but one of the most common is malware viruses. Millions of computers are infected with viruses that capture keystrokes and log passwords. Even if you use strong, unique passwords that you change regularly, if your computer is infected, you can’t prevent a hacker from accessing your passwords.
Once passwords are discovered, they regularly appear on the dark web and made available to be bought and sold for relatively small sums.
These reasons all point towards passwords being insecure, but of course, there are better ways of verifying customer identity.
As things stand, the answer lies in multi-factor authentication, but there are a number of methods of identity verification and the best one for your business will depend on your industry and jurisdiction.
With ever-evolving forms of regulation, choosing the right form of identity verification which is both robust and compliant is becoming increasingly difficult. Each method of authentication is referred to as a factor and here are the typical ways of authenticating customer identity:
- Government Issued Document Verification
- Biometric Matching
- Utility Bill Address Verification
- CRA ID Verification
- Digital Footprint Authentication
- Email/Mobile Authentication
These factors are used to verify user identity and restrict access to anyone who isn’t who they claim to be. While they may feel secure enough on their own, there are pros and cons to all factors. Part of deploying a secure authentication process means understanding the risks posed by each factor, and combining them effectively to mitigate those risks. An adaptive approach that evaluates varying circumstances like network, demographic and location, amongst others can help align authentication factors to the risk level.
Businesses looking to employ a robust and efficient onboarding process should implement multi-factor authentication that assesses the risk of each unique login request, and selects authentication factors accordingly.
How We Can Help
Here at Acuant, we’ve developed a complete suite of automated solutions for all of the above methods of identification which meet the KYC and AML requirements of every regulated business.
Our comprehensive family of solutions means there is no need to manage multiple integrations from different providers. This approach helps increase pass rates in countries all over the world, verifying identities using a number of data sources, which in turn increases revenue, increases customer acquisition with real-time onboarding and creates a better customer experience. It can also help future-proof your business with the ability to switch on additional services as your requirements change.
Acuant’s one simple, global solution, Sodium enables customer verification in real-time. Utilise a single element or multiple processes – it’s entirely up to you. Learn more about how we can help to automate and simplify your verification processes to help you gain a better understanding of your customers.
Book a demo today and see for yourself how powerful our suite of solutions are.