Image: Wikimedia Image: Wikimedia

It’s always been widely accepted that the more complicated we can make our passwords, the better. But the world was recently taken aback when it seems that this advice may be misleading. So when it comes to passwords and keeping ourselves safe online, what are the new tips, tricks and methods evolving? Karen Wheeler, Country Manager and Vice President, Affinion UK, considers what the future holds for passwords…

The world was taken aback recently when Bill Burr, who wrote what is considered the “bible” on password security in 2003 while working for the US Government, admitted that he got it completely wrong. For years the accepted wisdom has been that the more complicated our passwords, the better. But Bill now believes that this actually puts us more at risk, as we’ll use the same password repeatedly or write them down on post-it notes.

This comes at a time when online security has never been under more scrutiny, with new Cifas figures revealing 89,000 cases of fraud were recorded in the first six months of the year, a 5% rise compared to 2016 and a new record high.

But the good news is there are big advances being made to offer customers more sophisticated ways to keep safe online, particularly on their smartphones. So what are these methods, and what does the future hold?

The smartphone - a goldmine for criminals

Mobile wallet apps have taken off in recent years; Apple Pay, Samsung Pay and Android Pay all allow consumers to pay and store bank details on their phones. Consequently, smartphones have increasingly become a security ‘hub’ for consumers, collating and storing a broad range of valuable personal information. It’s this consolidation of data that makes smartphones so attractive to modern-day cyber criminals.

Social media channels also offer the opportunity for fraudsters to access our personal information, as we openly reveal details such as our birthday and whereabouts, making our lives more public and accessible than ever before. With Cifas revealing that fraudsters are actively trawling social media channels to gather personal information such as this, it’s clear that a relaxed attitude to what we reveal can leave us vulnerable.

Passwords have limitations

It’s important that customers understand passwords do not confirm the identity of the user; instead they simply accept the user has the right credential so is therefore likely to be the person they say they are. With Fujitsu revealing that 61 per cent of people reuse passwords, just one lapse in attention could mean a hacker has access to our personal accounts. .

Whilst two-factor privacy authentication is currently being driven via mobile, meaning customers can now move money/pay bills without any other form of authentication being required, there is more sophisticated technology on the horizon for mobile security.

Biometrics – the future of authentication?

Looking ahead, it’s clear that passwords and questions reliant on memory such as, ‘what was the name of your first pet?’ may become a thing of the past.

Biometric authentication processes means person can only confirm their identity by biological traits, making it hard to steal and impossible to forget.

It doesn’t matter if a criminal has a consumer’s smartphone, tablet or sensitive log-in details – without their retina scan or finger print they will not be able to access systems or authorise transactions. You can’t guess a fingerprint.

And consumers are embracing this enhanced security; Gemalto’s recent report on building trust in mobile apps found that over half of those surveyed believed a fingerprint reader on their smartphone would significantly protect them.

It’s all in the eyes

Facial and iris recognition techniques are also becoming popular methods of improving mobile security. MasterCard has developed a tool that grants purchasing verification by face recognition via the mobile app Identity Check Mobile.

The Samsung Galaxy S8 also offers facial recognition which allows consumers to unlock their phones. However, in its disclaimer, Samsung warns that by using facial recognition a phone could be unlocked by someone that looks like its owner. Clearly, although customer confidence in biometrics is relatively high, there are concerns to be addressed.

Iris scanning offers a new level of sophistication; there are 225 different comparative features in an iris, compared to a fingerprint’s 40, making the recognition far more reliable. Students at California State University Fullerton have been exploring this with their biometric research into how retinas and 3D face images can push the boundaries of password-based mobile security.

Back to basics: offer advice

However, in a time of crisis, customers still value advice and guidance from their providers. Whether it’s regarding strange transactions on a banking app, or seeking reassurance on an email from their mobile phone provider which doesn’t seem quite right. By giving consumers the information necessary to make better mobile security and fraud prevention choices, backed up by relevant and knowledgeable support in times of crisis, brands can enhance their reputation amongst existing and potential customers.

For example, setting up a 24/7 helpline that provides customers with advice and peace of mind, or by advising them to only use official app stores, update their operating systems regularly, fine-tune app permissions or investigate public wi-fi before logging in. This everyday practical guidance could empower customers to be a little more careful and wary about protecting their personal information.

Mobile security is a real and global threat that is only growing. As security processes become more advanced, industries such as banks and telcos have the chance to see security issues not as a challenge, but as an opportunity.

Karen Wheeler biography:

Karen is a B2B specialist with more than 20 years’ experience in the financial services sector, primarily in retail banking and general insurance. In her role as UK Country Manager and Vice President at Affinion, Karen provides strategic leadership advice to the UK team and is responsible for driving and delivering commercial growth through both new and existing business.