Securing online identity

With the explosion in the number of web accounts we all hold comes the problem of how to remember dozens of different log-in details. What do most of us do? Mostly, one of four things:

1. Keep passwords too simple – making the hacker’s job easier
2. Use the same password for multiple websites
3. Write passwords down, often keeping them near, or on, the computer because we can’t remember them
4. Rely on the ‘forgotten password’ feature on websites (which is itself basically flawed: as long as someone can gain access to our email account, password retrieval is easy)

It’s hardly surprising, then, that we’re facing an increasing problem with identity fraud, particularly card-not-present (CNP) fraud.

We rely on the same username and password principle today that we did at the beginning of IT security, and it’s getting to the point where it is no longer a viable solution. Some banks try out various multi-factor authentication techniques (such as card-sized security code generators), but even these will run their course, for who will be able to carry enough of these devices for every online account they hold?

I don’t have all the answers, but I do hope to start a debate around how we can change the methods we use to authenticate users. I believe that it’s one that the financial organisations in particular should be putting significant time and resource into, in order to find a solution.

We discuss these issues in a new white paper – Authentication, who are you – on our site. You can download it here.
