{"id":6665,"date":"2013-01-09T08:35:24","date_gmt":"2013-01-09T13:35:24","guid":{"rendered":"http:\/\/www.ict-pulse.com\/?p=6665"},"modified":"2013-01-09T13:44:52","modified_gmt":"2013-01-09T18:44:52","slug":"passwords-enough-alternatives","status":"publish","type":"post","link":"https:\/\/ict-pulse.com\/2013\/01\/passwords-enough-alternatives\/","title":{"rendered":"When passwords are not enough: alternatives to consider"},"content":{"rendered":"<p><em>Three alternatives to passwords, which can be\u00a0used to increase the security of\u00a0critical resources, are examined..<\/em><\/p>\n<p><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"6667\" data-permalink=\"https:\/\/ict-pulse.com\/2013\/01\/passwords-enough-alternatives\/login-with-username-password-by-digitalart-freedigitalphoyos-net\/\" data-orig-file=\"https:\/\/i0.wp.com\/ict-pulse.com\/wp-content\/uploads\/2013\/01\/Login-With-Username-Password-by-digitalart-FreeDigitalPhoyos.net_-e1357734658310.jpg?fit=290%2C195&amp;ssl=1\" data-orig-size=\"290,195\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;}\" data-image-title=\"Login With Username Password by digitalart (FreeDigitalPhoyos.net)\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/i0.wp.com\/ict-pulse.com\/wp-content\/uploads\/2013\/01\/Login-With-Username-Password-by-digitalart-FreeDigitalPhoyos.net_-e1357734658310.jpg?fit=290%2C195&amp;ssl=1\" data-large-file=\"https:\/\/i0.wp.com\/ict-pulse.com\/wp-content\/uploads\/2013\/01\/Login-With-Username-Password-by-digitalart-FreeDigitalPhoyos.net_-e1357734658310.jpg?fit=290%2C195&amp;ssl=1\" class=\"alignleft  wp-image-6667\" alt=\"Login With Username Password by digitalart (FreeDigitalPhoyos.net)\" src=\"https:\/\/i0.wp.com\/www.ict-pulse.com\/wp-content\/uploads\/2013\/01\/Login-With-Username-Password-by-digitalart-FreeDigitalPhoyos.net_-e1357734658310.jpg?resize=186%2C125\" width=\"186\" height=\"125\" \/>In a number of\u00a0our earlier\u00a0posts, particularly those dealing with privacy and security, we do remind everyone set strong passwords \u2013 see for example, <a title=\"How secure are your passwords?\" href=\"http:\/\/www.ict-pulse.com\/2012\/06\/how-secure-are-your-passwords\/\" target=\"_blank\"><b><i>How secure are your passwords?<\/i><\/b><\/a>\u00a0\u00a0However, due to considerable\u00a0processing power and software programmes that is readily available for those that might want to breach our security, industry experts have acknowledged that regardless of our best efforts generate and manage strong passwords, they can still be cracked relatively easily. This post highlights options that could be considered when passwords and passcodes\u00a0should not be the sole security control mechanism for crucial physical and electronic resources upon which we rely.<\/p>\n<h3>Biometric authentication<\/h3>\n<p>Biometric authentication has been around for several years and is based\u00a0on using human characteristics or traits to confirm a person\u2019s identification. Many of us are familiar with biometrics through movies, which frequently\u00a0show irises, retinas and fingerprints being are scanned, or even when travelling to countries such as to the United States, where facial recognition and fingerprinting are used\u00a0at Immigration\/Border Control. However, a number of mass market computing devices, such as laptops and smartphones, either have built-in biometric capabilities, or there are hardware\u00a0or software options through which it can be implemented, as highlighted below:<\/p>\n<ul>\n<li><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"6668\" data-permalink=\"https:\/\/ict-pulse.com\/2013\/01\/passwords-enough-alternatives\/scanning-finger-on-touch-screen-by-twobee-freedigitalphotos-net\/\" data-orig-file=\"https:\/\/i0.wp.com\/ict-pulse.com\/wp-content\/uploads\/2013\/01\/Scanning-Finger-On-Touch-Screen-by-twobee-FreeDigitalPhotos.net_.jpg?fit=373%2C400&amp;ssl=1\" data-orig-size=\"373,400\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;}\" data-image-title=\"Scanning Finger On Touch Screen by twobee (FreeDigitalPhotos.net)\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/i0.wp.com\/ict-pulse.com\/wp-content\/uploads\/2013\/01\/Scanning-Finger-On-Touch-Screen-by-twobee-FreeDigitalPhotos.net_.jpg?fit=279%2C300&amp;ssl=1\" data-large-file=\"https:\/\/i0.wp.com\/ict-pulse.com\/wp-content\/uploads\/2013\/01\/Scanning-Finger-On-Touch-Screen-by-twobee-FreeDigitalPhotos.net_.jpg?fit=373%2C400&amp;ssl=1\" class=\"alignright  wp-image-6668\" alt=\"Scanning Finger On Touch Screen by twobee (FreeDigitalPhotos.net)\" src=\"https:\/\/i0.wp.com\/www.ict-pulse.com\/wp-content\/uploads\/2013\/01\/Scanning-Finger-On-Touch-Screen-by-twobee-FreeDigitalPhotos.net_.jpg?resize=224%2C240\" width=\"224\" height=\"240\" srcset=\"https:\/\/i0.wp.com\/ict-pulse.com\/wp-content\/uploads\/2013\/01\/Scanning-Finger-On-Touch-Screen-by-twobee-FreeDigitalPhotos.net_.jpg?w=373&amp;ssl=1 373w, https:\/\/i0.wp.com\/ict-pulse.com\/wp-content\/uploads\/2013\/01\/Scanning-Finger-On-Touch-Screen-by-twobee-FreeDigitalPhotos.net_.jpg?resize=279%2C300&amp;ssl=1 279w\" sizes=\"(max-width: 224px) 100vw, 224px\" \/>Many of the popular laptop brands (e.g. IBM\/Lenova, Toshiba, Dell) have had biometric fingerprint scanners capability available and integrated into their design for a number of years.<\/li>\n<li>There are biometric mobile apps for both the iPhone and Android-based smartphones on the market that use iris, voice, facial, hand geometry and signature recognition.<\/li>\n<li><a href=\"http:\/\/www.precisebiometrics.com\/tactivo%E2%84%A2-smart-card-and-fingerprint-sensor-iphone\" target=\"_blank\">Tactivo<\/a>\u00a0is case the iPhone that provides fingerprint scanning and smartcard\u00a0reading capabilities, which can be\u00a0implemented separately, or together. However, the price point\u00a0for this accessory (MSRP USD 249.00) might make it more attractive to businesses\/enterprises, than to the average consumer.<\/li>\n<li>Apple has patented a fingerprint scanner to unlock the iPhone. Experts hope will be included in the next device iteration, iPhone 6 (Source: <a href=\"http:\/\/www.techradar.com\/news\/phone-and-communications\/mobile-phones\/apple-patents-fingerprint-sensor-for-biometric-iphone-unlock-1104176\" target=\"_blank\">TechRadar<\/a>).<\/li>\n<\/ul>\n<h3>Passphrases<\/h3>\n<p>Unlike passwords that typically are between six and 14 characters, a passphrase\u00a0consists of a series of words or text that are used\u00a0for security control purposes. One of the key benefits of passphrases\u00a0over passwords is that the considerable\u00a0longer length of the code allows for increased complexity, which at the very least, can make successful breach more difficult. \u00a0However, in order to\u00a0be a marked improvement over passwords, at a minimum, passphrases ought to be:<\/p>\n<ul>\n<li>Long, at least 20 characters, so that they would hard to guess,<\/li>\n<li>not a popular quotation or saying<\/li>\n<li>hard for persons who know to guess, and<\/li>\n<li>include a combination of numbers, upper and case letters, and symbols, as the system might allow.<\/li>\n<\/ul>\n<p>It also is important to highlight that similar to\u00a0passwords, passphrases\u00a0should easy to remember, and should not be reused between websites, applications, etc.<\/p>\n<h3>Authentication tokens<\/h3>\n<p>Security or authentication tokens are used\u00a0to confirm a person\u2019s identity, and can be\u00a0used to replace passwords or to add an extra level of the security to an existing system. These tokens can take many forms, such as hardware-based, as a smart card or USB dongle, or electronically generated, and transmitted (with wireless encryption) to mobile or portable devices. Additionally, regarding electronic tokens, in particular, there is the potential to generate new security keys as and when necessary, e.g. for each new transaction, which again reduces the likelihood of successful intrusion.<\/p>\n<p>Authentication tokens are widely used by the banking industry to supplement the customer password. A few banks in the Caribbean have already introduced this level of security, but this is still the exception, rather than the norm. The video clip below describes how the security token for Citi\u00a0works, where customers are provided with a physical device that generates the tokens needed to complete their online transactions.<\/p>\n<p><iframe loading=\"lazy\" src=\"http:\/\/www.youtube.com\/embed\/UdVxxsi0PCk\" height=\"315\" width=\"560\" allowfullscreen=\"\" frameborder=\"0\"><\/iframe><\/p>\n<h3>Putting the pieces together<\/h3>\n<p>The above alternatives to the password all have distinct advantages, which can strengthen the security of\u00a0devices and electronic accounts that need to be\u00a0protected. However, it ought to be\u00a0appreciated that none of these alternatives, like passwords, are infallible. They must still be prudently managed and controlled to limit the chances of successful interception or intrusion.<\/p>\n<p>Nevertheless, and for resources we can consider highly valuable, it might be worth considering implementing a two-\u00a0(or multi-) stage access control protocol, where one or more of the above options could be used to supplement passwords or passcodes. We, as individual users, can implement\u00a0some of these options straightaway, such as using biometric authentication and passphrases. In some instances, it may require\u00a0enhanced features of your device or account to be enabled, or an app and\/or accessory be purchased.<\/p>\n<p>While some of us may baulk\u00a0at the thought of having to spend money on device or account security, and world prefer\u00a0to rely on free products and services, it might indeed to appropriate to remember: <em>&#8220;you get what you pay for&#8221;<\/em>. Hence depending on how critical we consider the information or devices we are trying to protect, greater personal effort and commitment might be necessary.<\/p>\n<p>&nbsp;<\/p>\n<p><em>Image credits:\u00a0 digitalart; twobee \/ <a href=\"http:\/\/www.freedigitalphotos.net\" target=\"_blank\">FreeDigitalPhotos.net<\/a><\/em><\/p>\n<p>________________<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Three alternatives to passwords, which can be\u00a0used to increase the security of\u00a0critical resources, are examined.. In a number of\u00a0our earlier\u00a0posts, particularly those dealing with privacy and security, we do remind [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","om_disable_all_campaigns":false,"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[27,11,75],"tags":[105,38,36,39,41],"class_list":["post-6665","post","type-post","status-publish","format-standard","hentry","category-computing","category-ict-tech","category-tools-2","tag-cybercrimecybersecurity","tag-data-protection","tag-devices","tag-equipment-security","tag-privacy","et-doesnt-have-format-content","et_post_format-et-post-format-standard"],"jetpack_publicize_connections":[],"aioseo_notices":[],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p2iE1G-1Jv","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/ict-pulse.com\/wp-json\/wp\/v2\/posts\/6665","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ict-pulse.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ict-pulse.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ict-pulse.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ict-pulse.com\/wp-json\/wp\/v2\/comments?post=6665"}],"version-history":[{"count":11,"href":"https:\/\/ict-pulse.com\/wp-json\/wp\/v2\/posts\/6665\/revisions"}],"predecessor-version":[{"id":6679,"href":"https:\/\/ict-pulse.com\/wp-json\/wp\/v2\/posts\/6665\/revisions\/6679"}],"wp:attachment":[{"href":"https:\/\/ict-pulse.com\/wp-json\/wp\/v2\/media?parent=6665"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ict-pulse.com\/wp-json\/wp\/v2\/categories?post=6665"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ict-pulse.com\/wp-json\/wp\/v2\/tags?post=6665"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}