Identity theft is at an all-time high in the UK. The UK’s fraud prevention service CIFAS recorded 190,000 cases in the past year, as our increasingly digitised lives make it easier than ever for fraudsters to get their hands on our personal information.
So how should we keep our identities secure online? The first line of defence is, more often than not, a password.
But these have been in the news lately for all the wrong reasons. Facebook admitted in April that the passwords of millions of Instagram users had been leaked.
Late last year, question-and-answer website Quora was hacked with the names and email addresses of 100 million users compromised. And Yahoo! recently settled a lawsuit over the loss of data belonging to 3 billion users, including email addresses, security questions and passwords.
No wonder that Microsoft announced last year that the company planned to kill off the password, using biometrics or a special security key.
IT research firm Gartner predicts that by 2022, 60% of large businesses and almost all medium-sized companies will have cut their dependence on passwords by half.
“Passwords are the easiest approach for attackers,” says Jason Tooley, chief revenue officer at Veridium, which provides a biometric authentication service.
“People tend to use passwords that are easy to remember and therefore easy to compromise.”
Not only would getting rid of passwords improve security, it would also mean IT departments would not have to spend valuable time and money resetting forgotten passwords.
“There is an annual cost of around $200 (£150) per employee associated with using passwords, not including the lost productivity,” says Mr Tooley.
“In a large organisation that’s a really significant cost.”