Comment from Jason Hart, VP Cloud Solutions at SafeNet:
“It’s not surprising that Barclays is making the move away from password-based authentication for its telephone banking. We have so many passwords to remember that we choose easy-to-guess passwords, use the same passwords for several accounts, or even write down passwords where they can be easily found. So organisations need to look for alternative ways to authenticate users and bolster security. This means not relying on basic username and password for customer authentication and adopting a holistic security strategy that offers multiple layers of protection, such as multi-factor authentication and encryption.
“While biometrics can provide a convenient and alternative security mechanism, it should not be used as a single-factor authentication solution. This is partly because of the fact that biometrics are not based on secrets. Your voice, your image and your fingerprint are not a secret. You leave them everywhere and they can be spoofed, with different levels of effort. So it’s important that they are used as part of a multi-factor authentication strategy.”
Comment from Chris England, Director at Okta:
“The move to abolish passwords will no doubt be welcomed by customers. Today we have so many passwords to remember, all of which have different requirements and expiration cycles. As a result, most of us suffer from “password fatigue” where we use obvious or reused passwords often written down on Post-it notes or saved in Excel files on laptops.
“We’ve reached a point where usernames and passwords alone are no longer good enough. We’ve long had single sign-on technologies to remove the complexity of remembering multiple passwords, but what if someone else gets a hold of that single username and password? Not surprisingly, multi-factor authentication – which requires two or more factors to verify legitimacy of the user – has taken off and evolved pretty substantially in the past decade and we’re now seeing authentication methods becoming as personalised and specific to the individual as the experiences they’re trying to access. At Okta, we’ve already seen a lot of organisations implementing more flexible, adaptive, people-centric authentication methods and expect to see more following in Barclays’ footsteps.”