Over time, young people have become accustomed to handling large amounts of sensitive data on their smartphones.
In one survey undertaken by tech firm Transmit Security and reported in a press release published by Business Wire, it was found that, of more than 600 Gen Zers in the US, 85.3% were using a mobile phone to do at least some of their online shopping.
Meanwhile, 83.3% were using a smartphone for logging into their banking accounts and payment systems. However, for people of all generations, putting smartphones to these purposes can pose security risks if a password is routinely used for authentication.
What’s wrong with the humble password?
In many instances, a security risk arises more with how the password is used than the password itself. According to “many data breaches” mentioned by CyberNews, the most popular passwords worldwide remain easily guessable, like “password” and “123456”.
Many people are evidently willing to compromise their online security for the convenience of being able to more quickly remember their password when prompted to input it. However, the rise of ‘passwordless authentication’ has enabled more and more people to simplify their smartphone login experiences without needlessly curbing their security as a result.
In a nutshell, what is passwordless authentication?
It can be simply described as authentication where data other than a password is used for the purpose. You might already have regularly used a biometric scanner – such as a fingerprint reader or facial recognition system – to log into your smartphone.
However, many other methods of passwordless authentication abound. For example, some online services might let you log in through entering a code they send you beforehand by email or SMS text. Then there are authenticator apps – which, when you want to log in somewhere, can generate a digit sequence that would be valid for you to use just once for logging in.
Is passwordless authentication itself risky?
Another form of passwordless authentication relies on the use of a hardware token – which, like an authenticator app, can produce a new set of digits for each login attempt but, unlike this app, is a piece of hardware separate to the one on which you would be logging in. Therefore, losing or breaking this token could obviously throw up a lot of inconveniences.
Meanwhile, biometric scanners can be far from uniform in the security standards to which they adhere. Just consider the example of the Samsung Galaxy S10’s facial recognition – which, as Tom’s Guide points out, can be fooled with just a photo or video of the smartphone user.
Fortunately, the Face ID facial recognition technology built into iPhones is safer, as it uses dual cameras and infrared cameras to capture a three-dimensional model of your face.
You could also take comfort from investing in a phone using a more rudimentary – and thus also more proven – form of biometric authentication. Many Asus phones, for example, offer fingerprint scanners – and getting hold of a handset integrated with this kind of technology is not as expensive as you might have expected.