Vendors
日本語
search
  2. //
  3. Reports & insights
  4. //
  5. Goodbye Passwords!

Goodbye Passwords!

Create a vendor selection project
Click to express your interest in this report
Indication of coverage against your requirements
A subscription is required to activate this feature. Contact us for more info.
Celent have reviewed this profile and believe it to be accurate.
We are waiting for the vendor to publish their solution profile. Contact us or request the RFX.
Projects allow you to export Registered Vendor details and survey responses for analysis outside of Marsh CND. Please refer to the Marsh CND User Guide for detailed instructions.
Download Registered Vendor Survey responses as PDF
Contact vendor directly with specific questions (ie. pricing, capacity, etc)
13 November 2013
Jacob Jegher
I wish. It would be great if we could make the password a thing of the past, but alas we are still reliant on this old school approach. The password as we know it will eventually be a thing of the past, and multifactor authentication will evolve with it. One of the better articles I have read in the past year on this topic is, Kill the Password: Why a String of Characters Can’t Protect Us Anymore. The article explains how Mat Honan, a senior writer at Wired, had his entire digital life destroyed in the span of an hour. This is a highly relevant topic for banks as customers continue to make use of the good old password. What's next? Capital One has taken a crack at replacing the password with a swipe gesture, a concept I have been talking about for some time now. Is it foolproof? Let's be clear - nothing is foolproof. If it was built by humans it can be breached by humans. With that said, progress is a good thing, and we are starting to move beyond classic authentication. Mobile is very much a catalyst for this.

Comments

  • And the next person that handles the phone will easily just retrace the path of the finger smudges left on the glass to log in. Great idea!

  • This is a known issue with this type of approach.
    http://news.cnet.com/8301-30685_3-57377224-264/reverse-smudge-engineering-foils-android-unlock-security/
    It is however far easier said than done depending on type of pattern being enforced. In my opinion banks should use a strong pattern. In other words a simple shape or swipe won't do it. A minimum number of dots to trace over would be required and that can make it more difficult to figure out.

    The motivation behind this post is to show that there are alternatives to the good old password, and I am encouraged by banks trying out different methods in layered security environments.

  • […] asked by Wired Magazine in November of 2012, and something that has been on the mind of Celent for quite some time. Finovate produced no shortage of companies looking to innovate on financial security.  Finovate […]