The Hospital of the Future – 5G and IoT Inspired

Health and social care in the UK can benefit from the roll-out of 5G and Internet of Things (IoT) technologies, according to new research from...

Latest Posts

M-Pesa is first African FinTech platform to join United for Wildlife Financial Taskforce

M-Pesa has become the first mobile money provider in Africa to join the Financial Taskforce established by United for Wildlife, a coalition of charities...

Capitec Introduces All-In-One ‘Scan to Pay’ (QR code) Functionality

Capitec, South Africa’s largest digital bank, has launched its QR code payment functionality in their new app. The ‘Scan to Pay’ offering can be...

Vodacom to Halve Its Carbon Footprint by 2025

Vodacom - which generates less than 2 metric tons of carbon per terabyte of data a year - says it plans to halve its...

Takealot.com, M-Pesa and Jumia Join BCG’s Top 100 Tech Challengers

Safaricom’s mobile money service M-Pesa, Nigeria’s e-commerce sites Jumia and South Africa’s Takealot.com are picked as 100 tech challengers by global management firm Boston...

Time to dump passwords for good?

By Martin Walshaw, senior engineer at F5 Networks

It’s conceivable that one day biometrics may replace passwords completely, across many different services

The more news that trickled in about last year’s Sony hack, the more depressing the situation appeared to get. At one point, it was revealed that the entertainment giant was keeping passwords to internal systems as well as social network accounts in plain text. Not only that, but they were kept in a folder called ‘Password’.

Here’s how Buzzfeed described it: “Included in the newest data dump is a file directory titled ‘Password’, which includes 139 Word documents, Excel spreadsheets, zip files and PDFs containing thousands of passwords to Sony Pictures’ internal computers, social media accounts and web services accounts. Most of the files are plainly labelled with titles like ‘password list.xls’ or ‘YouTube login passwords.xlsx’.”

For anyone with a passing interest in security, which really should be all of us, that is a pretty shocking thing to read. Basic security advice is to try to avoid writing passwords down, and particularly to avoid keeping them somewhere so easily identifiable. Avoiding easy-to-guess words, such as anything from the dictionary, is also good advice, as is never repeating passwords; make sure each one is unique to that service.

But while passwords remain the primary way to access so many services, all of that is easier said than done. And so maybe that is what needs to change. Maybe it’s time to get rid of passwords for good. Are they fit for purpose these days? Many would argue they are not. They can be hacked, they can be guessed, they can be forgotten.

For those still wedded to passwords, using a password manager can help, as can using two-factor authentication where it’s available.

But the industry is beginning to offer alternatives to passwords. The launch of Apple’s TouchID has brought fingerprint recognition technology to a wider audience, and as we know, where Apple leads the rest of the industry tends to follow: Samsung and HTC have both released devices with fingerprint scanners.

Biometrics such as TouchID or eye scanners are a good alternative and the technology is becoming more convenient and easier to use (which is key for widespread adoption). Someone looking over your shoulder can copy your password; they cannot copy your fingerprint.

At the moment, Apple’s TouchID can be used to unlock iPhones and iPads and make purchases from Apple’s online stores such as the AppStore and iTunes as well as its Apple Pay NFC technology. But it’s conceivable that one day biometrics may replace passwords completely, across many different services.

It’s not just mobile apps that could benefit from biometrics. Imagine accessing work emails – or any other work-related application – on your home PC and, instead of entering a password on your computer, you authenticate yourself via a fingerprint reader on your mobile device that is connected to your office back-end systems.

But those days are not here just yet, so maybe it isn’t time to dump passwords. As well as following the advice above, it is wise to make sure passwords are just one layer in the security infrastructure.

This involves adding more context to security. Instead of just using a password for authentication, businesses can look at the device being used and its location, what the user is attempting to access and other details to give a clearer picture of the authentication request. Context in security is something we’ve talked about recently, in fact.

So it seems to me that we are moving beyond passwords as the primary method of authentication. But they will be around for a while yet; at least until the alternatives become more convenient. Until the industry does standardise on a replacement, it is wise to ensure that passwords are just one layer of your security infrastructure.

Latest Posts

M-Pesa is first African FinTech platform to join United for Wildlife Financial Taskforce

M-Pesa has become the first mobile money provider in Africa to join the Financial Taskforce established by United for Wildlife, a coalition of charities...

Capitec Introduces All-In-One ‘Scan to Pay’ (QR code) Functionality

Capitec, South Africa’s largest digital bank, has launched its QR code payment functionality in their new app. The ‘Scan to Pay’ offering can be...

Vodacom to Halve Its Carbon Footprint by 2025

Vodacom - which generates less than 2 metric tons of carbon per terabyte of data a year - says it plans to halve its...

Takealot.com, M-Pesa and Jumia Join BCG’s Top 100 Tech Challengers

Safaricom’s mobile money service M-Pesa, Nigeria’s e-commerce sites Jumia and South Africa’s Takealot.com are picked as 100 tech challengers by global management firm Boston...

Don't Miss

Liquid Telecom And Zayo Partner To Expand Global Network Coverage

Pan-African telecoms group Liquid Telecom has announced their partnership with Zayo Group, a global leader of communications infrastructure. The partnership will see Liquid Telecom...

SA’s MetroFibre Sets R3 Billion Plan To Expand Fibre-To-The-Home

MetroFibre Networx on Tuesday revealed its three-year plan to cover 300,000 residential homes across South Africa with fibre-to-the-home services. This plan was disclosed as part...

CloudGate X PC Review: A Compact Yet Powerful Machine

The new CloudGate X mini PC may be tiny, but it is packed with features that can more than match any conventional desktop. Weighing only...

From Survive To Thrive, Working Together For A Better Africa

For most of us, 2020 has been a year of almost dramatic, almost traumatic change. As individuals, our lives have been transformed; as businesses,...

Leading Campus Networks into the Intelligent Gigabit-Wireless Era to Power Digitalization

More and more success-driven enterprises are seeking to deliver intelligent customer experience through reliable digital networks. Digitalising existing services allow enterprises to create a new...

Stay in touch

To be updated with all the latest news, offers and special announcements.