
Windows 10 won’t be the death of passwords

Guillaume Desnoes, Head of European Markets at Dashlane, discusses the security enhancements in the much anticipated Windows 10.

By Cbr Rolling Blog

Back in 2004 Bill Gates predicted the death of the password, the reason for their downfall being that they are unable to ‘meet the challenge’ of keeping data secure. Fast forward eleven years and some may speculate that this has finally come to fruition.

With the launch of Microsoft’s Windows 10 last night came the announcement of Windows Hello – a new security feature based wholly on biometric authentication. Users are able to unlock their devices through facial recognition, and iris and fingerprint scanners – apparently rendering PIN codes and passwords obsolete. But can biometrics really replace passwords?

Biometric security definitely has its merits. Its main advantage is that it solves both identification (assessing your identity) and authentication (confirming your right to access something). On paper, it is a great tool to prevent identity theft and various kinds of fraud. But it does have its limitations.

Firstly, biometric authentication can be hacked like any other form of authentication. In late 2014, hackers from the Chaos Computer Club obtained high-res photos of the German Defense Minister’s fingerprint and reconstructed an accurate print that fooled fingerprint-based security systems. And unlike passwords, biometric data that has been stolen cannot be changed: you cannot replace your stolen fingerprints with a new set.

Even worse, if all of your accounts were protected by the same stolen biometric information, they would all become vulnerable simultaneously. Biometric authentication also has other major limitations: it cannot be shared and cannot be made anonymous. Sharing login data, or using it anonymously, is something more and more Internet users do.

Biometric methods do make sense as an additional authentication factor but, as we are starting to see, they also have strong limitations that make them an unlikely successor to passwords. Passwords, by contrast, if used correctly (one strong unique password per website), have a number of advantages:
– They can be shared, which is a necessity both within families and teams at work. Think about the Netflix account at home or the corporate Twitter account in a company. You cannot share your fingers or your eyes with someone else
– They can be stolen but if you use one unique password per website, the damage does not spread to other websites, as opposed to unique biometric data which is by definition the same everywhere
– They preserve anonymity, which is a key attribute of the Internet. Think about Twitter without anonymity

Any move to boost consumers’ online security, such as Windows Hello, is obviously welcomed. But until the benefits of biometric authentication incorporate and improve on those of a password, it won’t replace the password as the de facto standard of online security. The benefits must also generously offset the cost of switching from passwords to biometric authentication, and a sufficient amount of time also needs to pass for its massive universal adoption.

Of course humans can no longer perform all the tasks related to safe password management: random generation, encrypted storage, memorization, changing passwords. We just have too many accounts and too many devices for that – the average UK consumer now has over 100, which is set to almost double by 2020. That’s why more and more Internet users are relying on tools like a password manager that can do this for them.

Some see passwords as a temporary system that will be replaced by a very sophisticated authentication system very soon. That may be true, but by the time we get there, we will all have been hacked many times over.
