Digital Transactions Authoritative, insightful and timely information for payments professionals
Who among us hasn’t, at one time or another, sat in abject frustration as a Web site demanded a user name and password that we simply can’t recall. Most of the time, the information we’re trying to access isn’t crucial, so we can simply move on to something else. But there are times when it is. So then, surrendering to our fate, we click on “Forgot Password?” and go through the bother of a reset.
How many of us avoid this problem of faulty recall by simply using the same password for every site? An elegant solution, to be sure, but it makes security experts cringe. Better to use a unique password each time, and make it as complicated as possible, with an intimidating combo of letters, numbers, and obscure symbols. Then we scrawl those critical keys to the kingdom on a sheet of paper—or type them into a spreadsheet—for future reference. Another practice that exasperates the security experts.
Small wonder passwords have become increasingly useless as guardians of our privacy, of our financial information, and of our online-payment pages. To make matters worse, our personal habits in remembering and protecting our passwords matter less and less as massive data breaches siphon thousands of them into the hands of cyber thieves.
So, what do about passwords? In “Passwords Are Passé,” in this issue, correspondent Peter Lucas shows how passwords have become problematic for protecting payments routines and explains what those security experts are proposing instead.
Solutions have been proposed and debated before, but now indications are things are coming to a head. With the advent of mobile apps, wearable payments, and the so-called Internet of Things, there is too much value at risk to trust passwords any longer as the default security key.
Experts are looking at biometric solutions—characteristics like heart rate and fingerprints that are unique to each individual—that can be digitized and locked and unlocked in secure ways. The Fast IDentity Online (FIDO) Alliance, a group that claims a number of major payments companies as members, has led the way in creating standards for these alternative solutions.
It’s time, indeed it’s past time, to get past passwords. The alternatives, and specifications for their use, have arrived. Major networks like MasterCard and Visa have already begun to adopt biometrics—the former famously so back in February with its Identity Check solution, dubbed “Selfie Pay” by the general press, which feeds biometric data like facial characteristics back to issuers to help authorize online transactions.
Those of us who are struggling to recall multiple passwords would just like to see the industry moving a little faster.
—John Stewart, Editor, john@digitaltransactions.net
