Five Reasons Why Photos Should Replace Passwords
Most people, businesses, and government organizations rely on passwords (user-generated combinations of letters, symbols and numbers) to protect identities, bank accounts, medical files and other important documents.
Over the past two years, hackers attacked Sony, Target, Home Depot, JP Morgan, TurboTax, Adobe, Anthem, Walmart, Amazon, Microsoft and Facebook. Not even the White House, the State Department and other federal agencies were immune. These high-profile information security scandals compromised the integrity of trusted institutions and businesses, and threatened the safety and welfare of the millions of individuals they served.
The traditional password system is not the most effective safeguard for confidential information.
According to Deloitte's "TMT Predictions 2013," over 90 percent of user-generated passwords are vulnerable to hackers.
"In a recent study of six million actual user-generated passwords, the 10,000 most common passwords would have accessed 98.1 percent of all accounts. Non-random distribution allows hackers to create a file, or 'dictionary,' of common password words and phrases, and symbolic variations, making cracking an account thousands or millions of times easier."
The cost of a data breach can be crippling: The Verizon 2015 Data Breach Investigations Report, the most comprehensive information security analysis published today, noted that a breach involving only 100 records could result in an average cost of tens of thousands of dollars.
Photos provide a more secure alternative to passwords.
Scientists, information security specialists and user studies all confirm the viability of photographs as a best-practice alternative to the traditional password system.
Here are five reasons why photographs should be used to secure confidential information:
1) People remember photos better than passwords. "Photo recognition is consequently more ergonomic than a password," said German computer scientist and encryption expert Klaus Schmeh in his book "Cryptography and Public Key Infrastructure on the Internet." A study conducted by University of California Berkeley researchers Rachna Dhamija and Adrian Perrig confirmed that visual recognition was more effective than making people remember precise textual/numerical information: "Classic cognitive science experiments show that humans have a vast, almost limitless memory for pictures in particular."
2) Using photos prevents users from making bad password choices. SplashData, a password management software company, compiles an annual "Worst Passwords" list from stolen files posted online by hackers. For three years running, "123456" has topped the list as the worst password chosen by users. Hackers use a variety of sophisticated systems and methods to find patterns in passwords. Photographs keep people from making the most crucial online security mistake: setting up predictable and/or highly obvious passwords.
3) Encrypted images can provide better security protocols. Instead of sharing one password with everyone in a family or company department — or mandating the creation of new sets of passwords — photos can be encrypted with security roles to allow for targeted and/or limited access. Administrators can designate roles per image, determine duration of image use and monitor document access. This grants more control of security protocols and reduces the risk of bad practice behavior.
4) It takes more time (and expertise) to hack a visual authentication solution. Photos are not convenient for hackers. According to "Graphical Passwords: A Survey" by University of Georgia computer science researchers Xiaoyuan Suo, Ying Zhu, and G. Scott Owen: "Setting up a phishing web site to obtain graphical passwords would be more time consuming." Hackers would have to intimately know the personal preferences of each user to be able to detect patterns and usage.
5) Photos are a cost-effective and simple security solution for most users. The technology for facial recognition, fingerprint scans and biometrics is available — for those who can afford it. "The world is full of late adopters and non-adopters, however, and major Internet companies such as Google and Facebook cannot afford to demand that all their users upgrade their equipment to be safe." Most users, however, do have access to a library of unique, personal images. "For the users who have them, these images can form a convenient authentication system that doesn't require much configuration." To allow for overall user implementation of better security protocols, the solution shouldn't be cost-prohibitive for the average individual.