Passwords are the most widely used online authentication method in practice. More precisely, username/password authentication is an example of single-factor authentication (something the user knows). This method of login was introduced in 1961 as a means to “identify” a user on one of the first multiuser computing systems. Imagine a time, when there were a few users with one account each.
Now, according to studies the average computer user has approximately 25 online accounts and uses 6-7 passwords spread across various accounts. The convenience of what-you-know has been displaced by lists in your desk drawer and the continuous need to click the “forgot your password?” button.
The language around authentication being a means of identifying a user has been destroyed by the explosion of the Internet. Passwords don’t identify a person; they verify that somebody knows something. This is both a convenience for those who share an account and a liability for those with precious data to protect.
The liability of username/passwords stems from the anonymity inherent with easily passed information. While username/password account protection is appropriate for accessing my online recipe files, it has proven to be recipe for expensive data breaches at many a financial company.
The Total Cost of Ownership (TCO) of password authentication, including losses due the security lapses, is hard to compute. For many companies passwords are not attractive to protect high value transactions and data in the aftermath of a breach. Loss of reputation, customers and cold-hard-cash can far outweigh the cost of better authentication.
Companies must have authentication that provides proof of identity for many transactions.
The Veritrix Multichannel, Multifactor Authentication includes Audio/Visual (A/V) speech recognition, voice recognition, face recognition, OOB communications and a random phrase unique to the login attempt. The use of face recognition insures the malicious insider knows they are identified as they speak. The use of speech recognition insures no copies are accepted.
These and other implementation details insure it’s the user and only the user.