It's Time to Get Rid of Passwords: 5 Alternatives to Password Security
One password requires that you use special characters, the other forbids them. One password expires every three months, while another account has kept you logged in so long you couldn't even begin to guess what your password might be. You use a few variations of the same password to get you through as much as you can -- if you're forced to use something too far off from the original, you just reset your password every other time you need to log in.
And we don't need them. The age of the password is soon coming to an end as the security industry develops increasingly sophisticated technologies that protect valuable information without you needing to remember 8-16 characters. For law firms and lawyers concerned about security, this is great news.
Passwords Don't Just Frustrate Users, They Frustrate Security
It's not just that passwords annoy users. They can actually undermine security. More than 90 percent of user-generated passwords are vulnerable to hacking. Plus, passwords can be stolen -- either by the cleaner who grabs the post-it from your monitor or the nefarious hacker who swipes them from an entire system. In 2014, Russian hackers amassed a database of 1.2 billion user name and password combinations.
Password Alternatives
There are more secure ways to protect important data than passwords. A recent infographic by InfoWorld surveyed some of the new technologies that could soon begin the "countdown to password extinction:"
1. Device-Based Authentication: Also known as two-factor authentication, this security measure sends a code to your mobile device when you need to log in. It's already available for most online accounts, from Gmail to Twitter, so there's no reason you can't be using it now.
2. Password Managers: This is another existing, easy to implement password alternative. Password managers create long, virtually unhackable unique passwords for each service and keep track of them for you. Just don't let your computer get stolen.
3. App Single Sign On: These apps let you enter one name and password to access multiple systems or accounts without being asked for multiple logins. If you've been asked to "sign in with Facebook or Twitter," you're familiar with single sign on. (Don't worry, there are plenty of non-Facebook SSOs as well.)
4. Physiological Biometrics: The idea of ubiquitous finger print scanners used to seem futuristic, but is now just mundane. Apple's iPhone has been using biometrics to secure phones for a few years now. Further Advances in iris and facial recognition could increase the use of biometrics as security device. For example, Facebook's DeepFace system is already capable of recognizing a face with 97.25 percent accuracy, according to InfoWorld.
5. Behavioral Biometrics: InfoWorld describes this as "gyroscopic identification based on a mobile device's information patterns." It's not as complicated as it sounds. These "gesture-based" security measures make use of hand-held devices, asking you to make a specific body movement to authenticate yourself.
Lawyers looking to offer clients greater security (or just to retire their annoying passwords) should stay on top of these technologies, some of which are still developing, though many are here right now.
Related Resources:
- Windows 10 Says "Hello" to Logging in With Your Face and the End of Passwords (Arstechnica)
- Is Your Email Secure Enough for Client Communications? (FindLaw's Technologist)
- Lawyers: Change Your Password. Now. Seriously. Do it. (FindLaw's Technologist)
- Top 3 Password Managers for Your Law Practice (FindLaw's Technologist)