August 25, 2015

Share Everywhere

Will Facial Recognition Replace Strong Passwords?

On this blog, we spend a lot of time talking about sophisticated security threats. But we especially love talking about the other side: advanced protection to fight those threats. As criminals focus on breaking through systems and stealing identities, technology developers and security experts work even harder to stop them.

Here’s a great example: MasterCard will soon start experimenting with a pay by selfie program that allows customers to use a facial scan instead of a password for online purchases.

The MasterCard facial scan pilot project will start with 500 customers. After the technical glitches are worked out, it’s likely that the technology will get a wide release. For additional credit card security, MasterCard also plans to give customers the option of using a fingerprint scan, much like Apple’s iPhone scanner.

But it won’t just be MasterCard experimenting with facial scans. Microsoft recently announced that Windows 10 will also use the technology as a login feature. Security through selfies? Incredibly, it could be one of the new ways to prevent identity theft.

The End of Passwords?

So many of us struggle with passwords because we now need to lock down a long list of apps, devices and online accounts. Personally, I have a laptop, tablet and smartphone, along with online accounts for banking, two credit cards, investments and a mortgage. Each account needs a different password, and I know that a combination of letters (uppercase and lowercase), numbers and symbols is the best way to go. The more difficult the passwords are to hack, however, the harder they are to remember. This is a struggle even if you use a password manager to keep track of your passwords!

It seems that companies are finally catching on that users need help with creating strong passwords and are coming up with technologies that use physical characteristics instead. But don’t ditch your anti-hacker strategies quite yet. Here are the pros and cons of some popular systems:

What It Is Pros Cons
Two-Factor Authentication Identification that employs two components, such as a password and a limited use “code” that’s delivered via email or text. An added layer of protection above your password alone. Difficult to hack because the thief would need to have access to your mobile phone or email to receive the second level of authentication. It’s a hassle. You have to use multiple systems to unlock your account. Plus, timing is key; move too slowly and you have to start the process all over again.
Password Managers An app that stores all of your passwords in one place, using one strong password. You only need to remember one login and password combination. If your password manager is hacked, it leaves all of your accounts vulnerable.
Emojis Password technology that employs emoji characters rather than personal identification numbers. Pictures tend to be more easily recalled than numbers, and there are far more options over the traditional four-digit passcodes. Plus, no favorite pet name, birthdate or mother’s maiden name for thieves to easily guess. Technology is not yet in wide release and can only be used on touchscreens. Also, with so many symbols to choose from (some of which look the same), users may inadvertently select the wrong symbol.
Retinal Scans Recognizes the unique patterns within each person’s retina. A low rate of false positives and high reliability, since no two people have the same retinal pattern. Equipment costs are high, and eye diseases like cataracts can affect the results. Also, many people find the scan invasive, since a device needs to be very close to the eye to be effective.
Fingerprints Uses your unique fingerprint pattern as a passcode. Apple’s use of fingerprint scans has driven more adoption, and the scans feel far less intrusive than retinal scans. Hackers have been able to duplicate fingerprints, and security experts have expressed concern that the technology isn’t sophisticated enough yet for widespread use.
Facial Scans Performs a scan of your face to validate your identity. Technology that uses facial scans, like MasterCard’s SecureCode, has been used by law enforcement agencies for years, so it already has some kinks worked out. Privacy advocates have wondered if the technology could be more of a risk than a benefit, since faces could be “stored” in databases. This could lead to tracking without your consent as well as stalking.

Overwhelmed by the above options? Remember, it’s still advisable to stick to your strong passwords — and here are some tips that can help. Also be sure to keep an eye (and a fingerprint!) on the growing field of authentication technology. Who knows? Soon, a selfie might just be the best credit card security available.

Image courtesy of Flickr user Susanne Nilsson.

Melanie Medina

Sr. Director of Digital Marketing at IdentityForce
Melanie is a native of Bolivia who has lived in Boston for over 10 years. She likes to make time to travel, jog, read, and play backgammon. Fueled by copious amounts of coffee, Melanie stays on top of her to-do list while also keeping abreast of identity theft issues. Serious data breaches are happening all the time in the U.S. and Melanie loves being part of a solution that brings peace of mind to families across the country.

Latest posts by Melanie Medina (see all)

Join The Discussion

Your email address will never be published.