As we close out National Cyber Security Awareness Month, one of the things that continues to be top of mind, and one of the tools we need to stay safe online, is the password. How many passwords do you use (and therefore have to remember) on a daily basis? Two? Five? More than 10? If you’re anything like me then it’s a lot. And while password managers are better today than they’ve ever been – more secure, more intuitive, more flexible – the password situation across all of our software applications, hardware devices, social networks, etc. isn’t ideal for data protection.
Of course, the need for strong passwords is unquestionable. We’re living in an age where phishing, social engineering, brute-force and DDoS attacks are commonplace. Cybercrime is no longer something that affects other people, but rather a concern we have all come to realize.
Last year alone, cybercrime cost the global economy over $450 billion. Just in the US, 72% of larger firms were attacked in the past 12 months. It’s safe to say that cybercrime is very much here to stay and the situation is only likely to get worse before it improves.
There was an article the other day about the founder of WhatsApp, Jan Koum. It revealed how he decided to use just a phone number as the primary method of logging into the messaging application because he was simply fed up with having to remember a growing number of usernames and passwords.
Now they are all doing it – Snapchat, Twitter, Facebook Messenger, to name but a few. It got me thinking whether a simple phone number could actually be used across the board instead of usernames and passwords. Could it work?
There’s no real reason why not. After all, we’ve seen some of the big social networks trying to get us to use our login credentials for their sites in different places and for different services. But it’s something that doesn’t seem to have fully caught on.
Simple Credentials – Low Network Security
So what about the humble phone number?
We’ve all got at least one we use on a regular basis and these numeric strings are pretty easy to remember – certainly easier than a host of different usernames and passwords.
The biggest issue I foresee is that of network security. We give out our phone numbers like candies – something we wouldn’t do with our social network passwords or social security numbers. In fact, our phone numbers are perhaps too easily accessible as they are inevitably plastered all over our business cards, email signatures and online directories. Does that make them a non-starter for security logins?
The bottom line is that if we are going to prevent password overload from happening, we need to decide on a unique standard identifier that can be used for all manner of applications and services. Maybe we’ll get to a point where biometric security protocols are used in a more virtual way. So, rather than just pressing your thumb on a keypad to open a door, we might be asked to scan our face, similar to the new iPhone (and yes, existing Android devices), to log in to our internet banks.
Such a setup could eliminate the potential security flaws present today and overcome the issue of phone numbers being so widely accessible.
What do you think? Are we destined to be using one true ID further down the line, or will the number of usernames and passwords we have to remember simply keep increasing?