The concept of the computer password dates back to the earliest days of shared computer systems, with the first computer password developed in 1961 at MIT. That’s 60 years ago this year that we started our journey with digital authentication methods. The first case of password theft or misuse was documented just a year later, in 1962.

It’s almost unbelievable in this age of rapid technology advancement that we are still relying on what is essentially an aged and almost obsolete technology to protect ourselves and our digital assets from prying eyes.

Today, we are entering what is referred to as the “Third Wave” of the authentication revolution. The password was v1.0, Two-Factor Authentication (2FA) and Multi-Factor Authentication (MFA) are v2.0, and we now find ourselves looking at v3.0 beginning to take shape.

With online security a greater concern than perhaps ever before for customers, let’s take a look at what organisations need to be aware of now, as we move into an innovative new future in digital security.

So what exactly is the problem with passwords?

Characters from a known character set are the basis of any password generation process (manual or automated). This is exactly the reason why there is no perfectly unique password. Passwords are created to be remembered, and that is their one fundamental weakness. It makes them predictable, guessable and open to abuse

Didn’t 2FA and MFA solve the issue?

Well, no not entirely. MFA (like all methods of authentication) is open to abuse and is highly dependent on how it has been implemented. The approach to “proving who you are” using multiple elements across the four key factors of authentication certainly makes it more difficult to fool systems, but not impossible (which, let’s face it, is the ultimate goal of any authentication technology).

Authentication factors look at four key categories:

  • Knowledge (something you know)
  • Possession (something you have)
  • Inherence (something you are)
  • Location

You may well be used to 2FA across your apps and devices, but did you know that some security services have 4FA in place? Logging on to check your email may take some time…

What exactly is recognition technology?

Authentication 3.0 is the world of “recognition technology”. Recognition technology includes a mixture of different data points across end user devices, data analytics, mobile usage, behavioural and physical biometrics, and factors of continuous authentication to build a more solid and resilient model compared to the methods used today.

We all know about facial and fingerprint recognition, you probably use these on your phone along with solutions like Windows Hello.

But here’s the thing – the way you type, the angle you hold your phone at, the way you move your cursor, the websites you visit, if you run your browser maximised on your desktop, the time of day you logon, the speed you read at, that pause before you send an important email – these are all examples of your unique identity footprint in the digital world. They all represent individual data points that uniquely identify you.

Combine this digital footprint with advancements in biometrics such as heart rate signatures, vein recognition, thermography, gait, hand geometry (and yes even body odour) it becomes possible to build a totally unique digital identity of you. Combine these technologies with AI, built to continuously monitor changes in your identity profile, and the world of passwordless authentication seems more like a reality.

So where next?

We do need to be realistic. For widespread adoption of these new authentication methods, what’s needed is a clear set of globally agreed standards, and a lot of legacy technology systems. Innovation will continue in this space, but is likely for now to offer the results of varied experimentation. Different approaches will have different solutions, built to different specifications, all chasing the one ultimate proof of identity that is impossible to fabricate.

One thing is clear, though – the age of the simple password as a sole method for authentication is rapidly approaching an end. We will continue to see greater adoption of a layered security approach before these methods are finally put out to pasture, but the clock is ticking.

At Webhelp, we’re always ready for the next step in technology evolution, while still maintaining our focus on the human element. As we incorporate new developments in security into our systems and processes, we continue to work hand in hand with our people, to design security solutions that work for them, and help to create the best possible colleague experience.

To find out more about Technology and AI, read the latest blog by James Allen, Chief Risk and Technology Officer on Bots, Bias and Bigotry.