
The end of passwords: Why organisations should adopt a behavioural biometrics approach

A 2021 report revealed that among the most common passwords in the UAE and Saudi Arabia are “password” and “123456”.

Saeed Ahmad, Managing Director, Middle East and North Africa at Callsign

Passwords are a ubiquitous log-in method, and users still largely depend on them to secure their accounts. Many users manage multiple accounts on their mobiles and desktops across e-commerce, entertainment, banking, and work profiles. These numerous accounts mean that users must set and keep track of multiple passwords, which is a daunting task.

Consumers are also continuously encouraged to change their passwords regularly, use special characters, and avoid using their date of birth as a pin code to protect themselves from being defrauded. Interestingly, a 2021 report revealed that among the most common passwords in the UAE and Saudi Arabia are “password” and “123456”.

Moreover, passwords have enjoyed wide adoption across businesses and consumers owing to their simplicity and seeming infallibility. 

Despite the common knowledge of real risks associated with weak password use, many enterprises resist change. Instead, they continue to use outdated security measures unfit for the digital age and leave consumers vulnerable to scams.

While banks may use two-factor authentication (2FA) to mitigate this risk, both 2FA and passwords are inherently flawed in providing effective security, and sophisticated fraudsters have found ways around these antiquated verification methods. Thus, banks really need to broaden their security strategies to stay competitive in the fight against crime.

In an age where breaches and cyberattacks are rampant, organisations must preserve their consumers’ digital identities, and this starts with understanding the weakness of passwords as an authentication method.

An analog technology in a digital world

There is a misalignment between the security measures and the technology required to combat existing cybercrime.

The traditional password is a 60-year-old innovation designed for an analog world: easily forgotten or lost, and very easily stolen and compromised. The reality is that passwords weren’t developed for the digital age. Passwords are a single point of vulnerability that cybercriminals can exploit to gain access to accounts and entire systems.

Relying on the digitised versions of outdated processes such as usernames and passwords is fuelling the rise in scams and fraud by creating opportunities ripe for cyber-attackers.

Beyond passwords

Businesses must increasingly look beyond password security and strive to integrate digital-first authentication and verification technologies, such as behavioural biometrics, to boost user confidence in digital transactions and interactions.

This privacy-preserving system authenticates users using accessible and inclusive techniques. Instead of being a digitised version of an analog procedure, the system utilises contextual data to validate actual users, such as location or typing patterns. Because of the various layers of intelligence, there is no single point of failure, and changes in behaviour can be addressed swiftly.

Behavioural biometrics is also frictionless and allows habits to be studied in real-time in the user journey. As a result, it is valuable at any stage of the user experience, whether at login or later on.

Behavioural biometrics are also preferable because they are muscle-memory based and so can be changed by the user if information is compromised. In contrast, if a user's facial biometrics data is compromised, they cannot change their face.

On top of this behavioural identification, organisations layer the principles of data obfuscation and minimisation. The volume of personally identifiable data that is shared to guarantee identity is minimised to secure communications and protect user privacy at the same time. A layered approach to securing digital identities offers an effective solution without invading individual user privacy, and without increasing friction in the user experience. 

Establishing user confidence and creating digital trust

Callsign’s research has highlighted that a quarter of consumers globally receive more messages from fraudsters than friends and families, with about half (49.8 percent) of Middle Eastern consumers stating that they trust organisations less after receiving a scam message.

According to the findings, not enough is being done to secure our digital identities, making it more challenging to develop digital trust between organisations and customers.

As more people go online, this will become increasingly vital. Organisations that succeed digitally will recognise identity is part of every online interaction.

Therefore, businesses should consider shifting their security tactics away from passwords and toward identification and verification approaches appropriate for today’s digital age. The benefits of embracing alternative technologies such as behavioural biometrics are numerous for both companies and individuals, and by doing so, they can experience enhanced digital trust and retain consumers in an increasingly competitive commercial landscape.

Saeed Ahmad is the managing director for the Middle East and North Africa at Callsign.