Authentication Methods Need to Evolve

Smartphones have changed our lives. We can communicate with family and friends around the world via video calls and instant multimedia messages. We order groceries with our phones and broadcast our ideas to the world. The innovations in personal devices and their capabilities are unprecedented. Mobile devices are integrated into our routines and impact the manner in which we express ourselves and our phone numbers have become our virtual addresses, a means of reaching us wherever we are in the world.

We have become so closely tied to our devices that our interaction with them is shaping our expectations of how everything around us should function. We rely on immediate and unencumbered access to information and services and this reliance is impacting our society. The future is being shaped by the computers in our pockets. Part of our expectation is that the services we use and our identity should be seamlessly integrated into our devices. There is however a fundamental security issue that must be addressed with respect to our need for information and digital services.

Each system, device or service we interact with must be secured. Achieving a high level of security is typically characterized as cumbersome and counter to our ideal of immediate engagement and a friction-free user experience. To date, the manner in which this has been delivered has been a one time entering and saving of credentials or by using your Facebook, LinkedIn or Google credentials with other sites and services. The engineering, it would seem, has ceased at the doorstep of the major services we use. The username and password persist as the primary means of identifying ourselves and gaining access to our personal or business information.

The problem with usernames and passwords is that they are just pieces of data that, together, form a key to open a door to data or services. There isn’t anything about the username and password that tie the activity of logging in to a site or app to your identity, proving that it’s you. Usernames and passwords are digital cash, open to be used by anyone in their possession.

User credentials have proven to be the most vulnerable and highly targeted data for hackers. 2016 is a banner year for the quantity of records exposed due to data breach. Think about how long you’ve relied on usernames and passwords and how the world has changed in that time. Why are we still depending on the same approach to secure our data? How many different accounts do you have and how many usernames and passwords are you using? Research has shown that we are not adept at varying our credentials in a way that facilitates security. We repeat passwords across services and often make them simple and easy to break. Your services and providers are counting on you, the user, to make sure your credentials aren’t weak. We need to hold our technology providers accountable for delivering a more secure yet easy-to-use experience that maximizes engagement and security. Adding our mobile numbers and an effective app to the user experience is an opportunity to dramatically improve the security of our online world similar to the way we’ve adjusted our approach to physical security.

We have made this important social and cultural shift in our lives post 9/11 when it comes to physical security. We experience the shift when we travel, enter office buildings or in the security presence at public events. We however continue to rely on legacy security parameters for technical systems in a way that we would never accept in physical access controls. We must adjust our expectations with respect to what we accept as a secure online experience. It’s time for us to move beyond passwords in a way that is culturally and socially accepted, while embracing the ease of use and immediacy we demand from our interaction with mobile.

There are better ways to secure our online lives. We have an opportunity to leverage our affinity to our mobile devices to deliver an easy-to-use and secure online experience. We’ve accepted cultural change in our non-virtual world and it’s time we evolve in our virtual lives. Insist that your services adopt a form of strong authentication so that your accounts aren’t compromised because you are using the same username and password you had with MySpace and AOL.

Edward Robles is the co-founder and CEO of Qondado LLC, a cybersecurity startup that offers biometric, mobile-based authentication solutions.