FIDO, Equifax push for passwordless, biometric authentication to prevent data breaches
At the recent World Economic Forum Cybersecurity Summit in Geneva, CNN spoke about going passwordless, biometrics and cybersecurity with Andrew Shikiar, executive director of FIDO Alliance, and Daniel Dubowski, vice president of cybersecurity at Equifax. Shikiar and Dubowski both agree the solution to prevent a good number of data breaches is to simply have no password, following the 2019 Data Breach Investigations Report from Verizon claiming as many as 80 percent of breaches are a result of compromised credentials.
According to Dubowski, the high number of accounts used by the average person on a regular basis makes it highly unlikely to have individual unique, complex passwords. The truth is, he says, users stick to an average of five to 10 passwords that they reuse, so “there has to be a strategy beyond passwords, there has to be a stronger method of authenticating, and we’re partnering with FIDO Alliance to be able to do that via strong cryptography and PKI.”
Shikiar is confident that consumers already have available all the technology needed to make that happen, as Windows and Android are two top platforms that can deploy biometric technology for log in. While Apple has not yet officially signed up to be FIDO-enabled, Shikiar says the tech company is supporting the core technologies and has greatly contributed so far.
In 2019, Shikiar claims over a billion devices became FIDO-enabled, and the organization is driving efforts to make websites support FIDO on the backend side. The growing number of data breaches and the alleged 40 percent success rate of a phishing email are what drive FIDO’s goal to roll out simpler and stronger authentication.
Shikar thinks FIDO could have the answer to the problem. Security keys, for example, that either connect to the device via a USB port or communicate through Bluetooth or NFC could be combined with a password or a biometric to deliver a two-factor authentication system.
Dubowski believes going passwordless would be more cost-effective and would deliver a better, seamless end-user experience. Supporting the security key project, Dubowski explains how Equifax already uses Google authentication keys for multi-layer authentication in privilege, application and desktop access. Cybersecurity needs to become a priority, he says, while biometrics could make paswordless authentication mainstream. Going passwordless could be a vital step in mitigating a significant number of attacks, he adds.
More than half of British people meanwhile would make the shift from passwords to biometric verification, found an Equifax survey conducted online with OnePoll.
“Biometric technology continues to progress and be considered a more mainstream form of verification. It provides a more secure identification model for both companies and end users and can help financial institutions grow trust and confidence with their customers so it is very positive to see this recognized,” said Keith McGill, Head of ID & Fraud at Equifax, in a prepared statement.
During the online registration process for a financial product, 50 percent of respondents said they experienced different levels of frustration caused by the verification system which led them to give up on registration. Some of the top complaints were that the process was dragging on for too long (52 percent) or was too complex (46 percent), the requested documents or information were not immediately accessible (38 percent), while 21 percent did not trust the system with their data.
“It’s no surprise to see such frustrations towards the myriad of passwords, pin codes and security phrases. People are encouraged to always have unique information for each website or account they hold, meaning a list of codes and phrases that is unrealistic for many to remember given the volume of registration processes they are asked to undertake in modern society. Lengthy, complicated and onerous registrations will soon be a thing of the past, with biometrics leading the way in the future of identity verification and modern financial relationships,” McGill added.
Most views on biometric verification were positive. While 40 percent said it was faster than traditional forms of verification, 27 percent said biometric verification makes them feel more secure and 21 percent would have more confidence in their bank or financial institution if biometric verification was deployed. On the other side of the spectrum, 19 percent consider it an invasion of privacy, 13 percent said it scares them and 11 percent called it “annoying.”