Beyond passwords: Tech companies seek next generation of security
Are we entering a post-password age? By the time today's preschoolers are ready for Snapchat accounts (or whatever must-have app teens will be clamoring for a decade from now), typing in a password may be a thing of the past.
According to a study from internet security firm TeleSign, 69 percent of security professionals believe traditional passwords and usernames no longer provide sufficient security. Many of these tech insiders believe a password-less future is coming within the next decade; 72 percent of those surveyed predicted that their companies would do away with passwords by 2025.
In light of major security breaches -- like the 2012 hack that compromised the email addresses and passwords of more than 100 million LinkedIn users -- it's not difficult to see why companies would look for alternate ways for users to keep their information secure.
"We're starting to see real momentum towards companies adopting behavioral biometrics and two-factor [authentication]," Ryan Disraeli, TeleSign's co-founder and vice president, told CBS News.
Two-factor authentication (also known as two-step verification) is already available for users who want extra security on many online accounts including Google, Apple, Facebook, LinkedIn, Twitter and Instagram. It generally involves the company sending a unique, secure code to your cellphone that you must type in to access your account, thus preventing a hacker from logging in with a stolen password. In the near future, it could become even more widespread. But for now, TeleSign found more than half of consumers are still unfamiliar with it, and only about 40 percent of users have enabled it on any of their accounts.
The stakes for these companies are high. The study found that 90 percent of tech companies experienced fraud in the past 12 months, and 97 percent reported that they felt the financial impact of this fraud.
High on the list of security fears many companies have is the risk of account takeovers, or ATOs, with 79 percent reporting they are "extremely or very concerned" about these kinds of attacks. Out of those that experienced ATOs, 51 percent had financial losses.
Additionally, these kinds of hacks impacted user trust in the company, with 42 percent of these businesses saying they lost customers after an ATO attack. An equal number reported "damage" to their "brands" as the result of an ATO.
Moving beyond passwords
Security is clearly a pressing concern for companies and consumers alike, so why is it taking so long to find a solution? Disraeli stressed that it's difficult for companies to quickly move to new systems -- and security measures are always a work in progress.
"It takes awhile. Ultimately, the most secure methods are going to involve a company balancing its user experience, with assessing effectiveness, assessing the cost. Multiple things are taken into account," he said.
What are the most promising alternatives?
A large majority of companies surveyed -- 85 percent -- say they'll be using two-factor authentication in the next 12 months. TeleSign reports that 92 percent of security experts have faith in this level of security, saying it "significantly increases" security when used in addition to standard passwords.
The study also found that nine in 10 companies think behavioral biometrics would be "extremely or very valuable" for improving security. This form of biometric security differs from physical biometrics -- simple fingerprints or iris scans, for instance -- in that it involves patterns derived from people's specific behavior, such as a signature or "typing recognition."
About 54 percent of companies surveyed plan to use a form of behavioral biometric security in 2016 or later.
It may take some adjustment for consumers to get up to speed on new methods of security after decades of using the tried-and-true password.
Another TeleSign study released last year suggests just how much of a challenge it may be to get consumers to up their security game. Even though 80 percent said they worried about online security, almost three-quarters admitted they reuse the same password on multiple accounts, and many keep the same password for years on end -- big security no-no's.
Two-thirds of consumers said they wanted companies to give them an added "layer of security" to protect their personal information.
"It's an exciting time for the security space," Disraeli added. "I think the landscape of what we are seeing right now will look dramatically different in the next eight to 10 years."
