

“Account takeover is bad for customer experience and bad for business. Passwords can be easily stolen and used to take over customers’ accounts,” states Transmit Security co-founder Mickey Boodaei. “There is also a liability and compliance aspect of managing a large database of passwords that can be stolen… This has a huge direct and indirect impact over the business and the brand.”

We also know it’s difficult for customers to manage and remember passwords. Getting locked out is a frustrating experience, and you have to decide if it’s worth going through a reset process. It’s no surprise 92% of us will abandon a purchase instead of recovering our credentials. Companies lose revenue, and some customers never come back.

We first started looking for password alternatives more than 20 years ago. Over time, we’ve come up with many methods for improving password security. But until recently, all of the ‘solutions’ failed to get rid of passwords, and in most cases, they made the customer experience worse. These are the password alternatives to avoid, and why they fail:

The concept: hackers have proven they can take over accounts by trying common passwords, like ‘123456,’ the most popular password in 2020. A quick fix is to replace passwords with passphrases, a collection of random words in a nonsensical phrase, making it difficult for hackers to guess or brute force. The problems: passphrases can be intercepted by hackers and do nothing to prevent phishing, which collects your login credentials by tricking you with deceptive emails and websites. It doesn’t matter how complex a passphrase is. In 2020, 74% of companies fell prey to phishing according to a survey by Ivanti. It’s also a poor experience when customers are expected to remember complex passphrases (and change them regularly) for dozens of accounts. As we’ve already mentioned, it’s easy to forget and lockouts are a hassle.

The concept: open-ended questions are designed to prove the identity of someone accessing an account or recovering credentials. It’s a simple form of two-factor authentication (2FA) added on top of passwords. In most cases, KBAs are based on a pre-agreed set of questions and answers. The problems: most KBAs can be answered by anyone who looks at your social media pages. Answers to, “What’s the name of your childhood best friend?” or “Where did you meet your spouse?” could be easily found on the Internet. Ironically, some of us forget how we first answered our own questions. I’ve had to ask myself, “Did I use my best friend’s nickname, her maiden name or her married name?” It creates yet another bad experience.

The concept: OTPs sent via SMS texts, push messages or emails are another form of authentication that can be used as a single factor or 2FA added on top of passwords. The OTP authenticates the user’s identity by sending a code to the registered phone number or email address, a way of proving possession. The problems: OTPs can be intercepted by man-in-the-middle or SIM swap attacks. They do offer more protection against phishing attacks than passphrases and KBAs, but they are not impervious to sophisticated hacks.

The concept: security keys, smart cards or PINs are small hardware devices used to gain access to workstations or restricted resources. Some tokens store cryptographic keys that generate a digital signature or biometric data. The problems: hardware tokens are costly to provision, lack scalability and are easy to lose. These password alternatives were designed many years ago for the workforce, not consumers who want to access your digital properties.

Facebook Login, Google Sign-In and similar options from LinkedIn, Microsoft and Apple leverage existing accounts to simplify registrations and logins on third-party apps and platforms. The idea is to provide a convenient alternative to mandatory account creation. The problems: social logins are still built on top of passwords. Hackers that target Facebook, LinkedIn and other accounts can expose millions of user credentials at a time. If a social site experiences data theft, those who’ve reused the same passwords will likely have multiple compromised accounts. In addition, social logins are notorious for data collection and sharing practices. These apps can track user activity and target you with advertising based on your clicks.
