Passwords: a false sense of security

The days of the password are numbered. The latest development demonstrating this is Mastercard and Visa's plan to ditch their 3D Secure authentication system. At the moment, when customers make a purchase online using either a debit or credit card from Mastercard or Visa, they are greeted by an extra security step. Users are required to complete a pop-up box that requests verification in the form of a 'static' password.

Visa and Mastercard plan to drop this system by the end of 2015 and instead use forms of 'invisible' authentication. Ajay Bhalla, president of enterprise security solutions at MasterCard, said:

"We want to identify people for who they are, not what they remember. We have too many passwords to remember and this creates extra problems for consumers and businesses."

The philosophy of Ensygnia is right in line with these changes. We've talked on more than one occasion in the past about the vulnerabilities and frustrations passwords bring to the user experience. Security should not come at the expense of ease and convenience for customers.

Visa and Mastercard propose a switch to two-factor authentication methods, one-time passwords or possibly a biometric test, such as fingerprints, voice or face recognition, and maybe even a wristband that monitors cardiac rhythm.

I think Ajay of Mastercard hit it on the head when he said Mastercard 'want to identify people', however. And what better way of identifying people than via their smartphone? I certainly don't think we need another device like a wristband when my smartphone already does a more than satisfactory job of identification.

We believe in device-based authentication at Ensygnia as a means of eradicating usernames and passwords. Combine that with encryption and tokenization and you've got the security solution we so believe in. And it seems the likes of Mastercard and Visa are recognising that latter aspect too.

Hopefully passwords will soon be a long-gone issue. They are just too cumbersome from the users' perspective, what with the requirement of unique and complex ones for myriad sites and log-ins. And from the perspective of business, they all too often throw up barriers that stop them from interacting with their customers, costing them sales and engagement.

Instead of remembering a username and password when you need to log into something, or giving a social media company permission to know even more of your activity, how about one simple scan? That would be nice.

By Matthew Taylor

14th November 2014
