
Passwords, PINs and biometrics

23 March 2018

Online loans provider 247Moneybox.com is committed to processing customer data using the latest cutting-edge security techniques and methods. The firm has been researching and developing biometric data security tools to enable its customers to interact with the lender in an even more secure way whilst also reducing the friction of use often associated with high levels of data security.

The goal of minimising risk from cybercrime is not a new one, nor is it unique to the firm. What is clear, however, is that with increasingly sophisticated hackers and criminals out there, the arms race for more secure passwords and PINs is becoming untenable.

Data manager Simon Mandle explains: "We all know we need to pick complex, hard-to-guess passwords; however, over recent years the base level requirement to stay safe online requires us to remember numerous site-specific passwords. The passwords themselves must have at least 8 characters (upper case and lower case), numbers and special characters. What's more, many sites require you to change your password regularly. The upshot being we are constantly having to hit the 'forgot password' link. Pressing this button means we then have to fiddle around closing browsers, opening text messages etc. Nightmare. This is what led us to initiate our biometric project."

Along with passwords, the firm uses PINs to verify an applicant's mobile phone during the application process. PINs are nothing new, given that ATMs and credit cards have been on the scene for many decades. Even so, the types of numbers customers choose are alarming. Why alarming? Research shows that almost 1 in 10 people have the same PIN for their debit cards, credit cards, telephone banking and email passwords. And that number is? 1234.

Pretty shocking. Now, the firm is by no means suggesting that if you find a card on the floor you stick it in the hole in the wall and chance your arm, but in theory there are 10,000 possible four-digit combinations the numbers 0 to 9 can be arranged into, and if members of the public chose a number at random, that would offer a reasonable level of protection. What's clear, though, is that people tend to take the line of least resistance and choose an easy-to-remember number. The lender is keen to point out that this is logical, especially as we are always told not to write anything sensitive like a PIN or password down, but this unoriginality leaves them vulnerable.

So how does one select an unmemorable PIN? The lender believes it is about thinking like a thief. Dates provide a rich seam of PINs; however, it is clear that your own birthday is off limits. This is because many of us carry our driver's licence in our wallets or share this information online. Both are incredibly easy to piece together. Next, avoid dates that are significant, and think about the country you are residing in. For example, if you are English, 1966, 1666 and 1066 are ones to avoid. If you are from the US, 1776 might be too easy to guess as well.

So what is biometrics all about and how does it apply to security? In a nutshell, biometric security applications use and analyse the unique characteristics of an individual, e.g. the voice pattern, the iris or retina pattern of the eye, or fingerprint patterns. Fooling these systems is not straightforward; however, as with all security, nothing is 100% flawless.



Biometrics can make effective passwords

So what are these flaws? Identical twins create a number of issues to explore. Only last year a BBC reporter and his identical twin fooled a major bank's voice recognition password. The software, as reported by the bank, used numerous traits to assess the individuality of the voice, such as the size and shape of the speaker's mouth and how fast they speak. As you would expect with identical twins, the physical characteristics that were analysed were sufficiently similar to achieve the desired matching level and grant access to its systems.

Other flaws in biometric authentication have surfaced at a leading phone manufacturer that uses facial recognition as an unlocking tool. Twins, siblings and even doppelgängers can cause false authentications. Also, as children grow, their faces change, and this morphing can cause the system to fail, locking them out.

However, we shouldn't let teething issues stand in the way of progress. Technology will improve and systems will become more secure as a result. What is important is that security, accessibility and convenience are given equal consideration by developers, engineers and product designers. It is when this balance gets out of whack that problems are created. Although it's perhaps not as glamorous, security is of vital importance to a healthy digital economy.

Remembering a suite of passwords and PINs is not really possible, and the secure apps we have for storing them also require a password and can slow the login process down considerably. Some systems use a combination of biometrics and passwords, which may be the solution for now.

On the rise at the moment are voice assistants, whereby you say a command after using the "wake" word. Where this assistant is privy to private or sensitive information, voice recognition is really the only viable security function, as calling out a PIN or password kind of defeats the object if everyone in the room can hear!