How do we know people are who they say they are? This is tricky enough in the real world never-mind online. The standard approach currently to authenticating yourself online is to login with an account of some kind. Often either a Google, Facebook or Microsoft account. So if you provide your username (often an email address) and password then you’re in, we know it’s really you! This provides all the security we need because everyone uses different passwords for each of their accounts, changes them every few weeks and makes sure they are all at least 25 characters with plenty of #’s, @’s and numbers thrown in! Of course we don’t do this and passwords on their own are not sufficient.
I am curious, did you go to the link above and put in your password? The password that you use to protect all your private accounts! How do you know its even a genuine website? Just because I included it in my post? By default we are far too trusting on the web but that’s a topic for a different post.
Back to trying to prove who you are. The weakness of passwords alone is not a new discovery. There are ways to improve on this which people will be familiar with. Multi Factor Authentication is something you will likely have used at least once if not on a regular basis. For example with Office 365 you can enable MFA whereby users have to provide a username and password first and then enter a code that is sent to their mobile device. This is just one example, there are other variations. Another approach is using biometrics, something which can be used in conjunction with MFA. Back in November after 5 years with my good old HTC Desire I decided to switch to the new iPhone. It’s great but the thing I like the most is the fingerprint recognition instead of a PIN number. It’s an example of biometrics. Others you will hear about are facial, iris and voice recognition.