For nearly as long as there have been computers, the proverbial key that unlocked the gate to programs, accounts, and data has been the password. To reinforce it, additional help in the form of knowledge-based authentication, or KBA, has been added. Now, however, passwordless authentication and other mechanisms like biometrics are coming into their own as passwords and KBA fall out of fashion, and there are good reasons for this.
Convenience Is Decreasing
Password and KBA systems were originally adopted because they were cheap, easy, and comparatively secure. However, of those three qualities, only cheap remains true today. In terms of ease of use, passwords and KBA systems are becoming more and more cumbersome. For example, most security recommendations now require that a password be neither easy to decipher nor easy to remember. Best practices recommend a random string of alphanumerics to discourage an automated system from figuring out a password through a process of elimination.
Knowledge-based authentication, which asks “secret questions” or provides hints or secondary forms of access based on knowledge only the user should have, is also being scrutinized. In many cases, the details a KBA relies on, such as the name of a pet or a mother’s maiden name, may be gleaned from diligent study of a person on social media, where much of this information has been voluntarily posted in public.
Vulnerability Is Increasing
A single-password-only security system is becoming one of the least secure measures against cyber attacks. By deciphering just one password, a criminal can potentially gain access to personal information, sensitive financial data, and, worst of all, actual funds. With the constant evolution of techniques such as “phishing” and “man-in-the-middle” attacks, intercepting and using passwords is becoming easier than ever for criminals.
The countermeasure, making passwords and KBA systems more difficult, is causing them to become inconvenient and even intrusive for users. Polls now indicate that passwords and KBA systems are losing popularity both at the system maintenance level, due to vulnerability, and at the general user level, as they become less convenient in the effort to make them more secure.
Passwordless Authentication Is A Solution
The solution to this is the implementation of passwordless authentication systems. As the name suggests, passwordless authentication does away with passwords entirely. Other methods, such as biometrics, ensure that a user always has the proper “key,” since all that’s required is a face, fingerprint, or another unique identifier.