Arab Press

بالشعب و للشعب
Friday, Aug 22, 2025

Why passwords don't work, and what will replace them

"Sarah", an actor based in London, had her identity stolen in 2017. "I got home one day and found my post box had been broken into," she says.

"I had two new credit cards approved which I hadn't applied for, and a letter from one bank, saying we've changed our mind about offering you a credit card."

She spent £150 on credit checking services alone trying to track down cards issued in her name.

"It's a huge amount of work and money," says Sarah, who asked the BBC not to use her real name.

Identity theft is at an all-time high in the UK. The UK's fraud prevention service CIFAS recorded 190,000 cases in the past year, as our increasingly digitised lives make it easier than ever for fraudsters to get their hands on our personal information.

So how should we keep our identities secure online? The first line of defence is, more often than not, a password.

But these have been in the news lately for all the wrong reasons. Facebook admitted in April that the passwords of millions of Instagram users had been stored on their systems in a readable format - falling short of the company's own best practices, and potentially compromising the security of those users.

Late last year, question-and-answer website Quora was hacked with the names and email addresses of 100 million users compromised. And Yahoo! recently settled a lawsuit over the loss of data belonging to 3 billion users, including email addresses, security questions and passwords.

No wonder that Microsoft announced last year that the company planned to kill off the password, using biometrics or a special security key.

IT research firm Gartner predicts that by 2022, 60% of large businesses and almost all medium-sized companies will have cut their dependence on passwords by half.

"Passwords are the easiest approach for attackers," says Jason Tooley, chief revenue officer at Veridium, which provides a biometric authentication service.

"People tend to use passwords that are easy to remember and therefore easy to compromise."

Not only would getting rid of passwords improve security, it would also mean IT departments would not have to spend valuable time and money resetting forgotten passwords.

"There is an annual cost of around $200 (£150) per employee associated with using passwords, not including the lost productivity," says Mr Tooley.

"In a large organisation that's a really significant cost."


'New risks'

Philip Black is commercial director at Post-Quantum, a company designing powerful encryption systems for protecting data.

He agrees that passwords are already a weak point. "You have to create and manage so many passwords. That's unmanageable, so people end up using the same passwords, and they become a vulnerability."

New rules laid down by the EU are designed to deal with that issue. The updated Payment Services Directive, known as PSD2 , require businesses to use at least two factors when authenticating a customer's identity.

These can be something the customer has in their possession (such as a bank card), something they know (such as a PIN), or something they are, which includes biometrics.

Overlooked in the past in favour of tokens, passwords, and codes sent by SMS, interest in biometrics is growing. According to the 2019 KPMG International Global Banking Fraud Survey, 67% of banks have invested in physical biometrics such as fingerprint, voice pattern and face recognition.

This year, NatWest began trialling debit cards with a fingerprint scanner built directly into the card itself.

Biometrics offer a more frictionless consumer experience, but has been held back by the need for specialised equipment. With the latest smartphones, many of us now carry the necessary hardware in our pockets. Research by Deloitte has found that a fifth of UK residents own a smartphone capable of scanning fingerprints, and that number is rising fast.

Yet just as our personal data is vulnerable to thieves, biometric information can also be stolen. In September, Chinese researchers at a cybersecurity conference in Shanghai showed it was possible to capture someone's fingerprints from a photo taken from several metres away.

If you think resetting your password is difficult, try changing your fingerprints.

To boost security, companies are increasingly relying on multiple factor authentication (MFA) which seeks to identify people using as many different ways as possible.

This can include not just explicit measures such as PINs and fingerprint scans, but background familiarity checks such as your location, purchase history, keystrokes, swiping patterns, phone identity, even the way in which you hold your phone.

"Is biometrics going to replace passwords? No, a combination of factors is going to replace passwords, we are and we should be moving toward this," says Ali Niknam, chief executive of Bunq, a mobile banking service.

Yet there is a risk of that this sort of multi-factor authentication, while secure, will make the authentication process even more opaque. If you don't know what is being used to identify you online, how can you protect that information?

"I'm careful about internet security - my date of birth isn't anywhere, my address isn't anywhere," says Sarah.

"I'm 33, relatively young and tech-savvy, but I'm not sure I'd know how to be more careful."

She does remember, however, that one bank initially refused to cancel the account the thief had opened in her name, because she didn't know the password.

Newsletter

Related Articles

Arab Press
0:00
0:00
Close
Dogfights in the Skies: Airbus on Track to Overtake Boeing and Claim Aviation Supremacy
Tim Cook Promises an AI Revolution at Apple: "One of the Most Significant Technologies of Our Generation"
Are AI Data Centres the Infrastructure of the Future or the Next Crisis?
Miles Worth Billions: How Airlines Generate Huge Profits
Zelenskyy Returns to White House Flanked by European Allies as Trump Pressures Land-Swap Deal with Putin
Beijing is moving into gold and other assets, diversifying away from the dollar
Trump Backs Putin’s Land-for-Peace Proposal Amid Kyiv’s Rejection
Zelenskyy to Visit Washington after Trump–Putin Summit Yields No Agreement
Iranian Protection Offers Chinese Vehicle Shipments a Cost Advantage over Japanese and Korean Makers
United States Sells Luxury Yacht Amadea, Valued at Approximately $325 Million, in First Sale of a Seized Russian Yacht Since the Invasion of Ukraine
Saudi Arabia accelerates renewables to curb domestic oil use
Cristiano Ronaldo and Georgina Rodríguez announce engagement
Asia-Pacific dominates world’s busiest flight routes, with South Korea’s Jeju–Seoul corridor leading global rankings
Private Welsh island with 19th-century fort listed for sale at over £3 million
Sam Altman challenges Elon Musk with plans for Neuralink rival
Australia to Recognize the State of Palestine at UN Assembly
The Collapse of the Programmer Dream: AI Experts Now the Real High-Earners
Armenia and Azerbaijan to Sign US-Brokered Framework Agreement for Nakhchivan Corridor
British Labour Government Utilizes Counter-Terrorism Tools for Social Media Monitoring Against Legitimate Critics
WhatsApp Deletes 6.8 Million Scam Accounts Amid Rising Global Fraud
Texas Residents Face Water Restrictions While AI Data Centers Consume Millions of Gallons
India Rejects U.S. Tariff Threat, Defends Russian Oil Purchases
United States Establishes Strategic Bitcoin Reserve and Digital Asset Stockpile
Thousands of Private ChatGPT Conversations Accidentally Indexed by Google
China Tightens Mineral Controls, Curtailing Critical Inputs for Western Defence Contractors
JPMorgan and Coinbase Unveil Partnership to Let Chase Cardholders Buy Crypto Directly
British Tourist Dies Following Hair Transplant in Turkey, Police Investigate
WhatsApp Users Targeted in New Scam Involving Account Takeovers
Trump Deploys Nuclear Submarines After Threats from Former Russian President Medvedev
Germany’s Economic Breakdown and the Return of Militarization: From Industrial Collapse to a New Offensive Strategy
Germany Enters Fiscal Crisis as Cabinet Approves €174 Billion in New Debt
IMF Upgrades Global Growth Forecast as Weaker Dollar Supports Outlook
Politics is a good business: Barack Obama’s Reported Net Worth Growth, 1990–2025
UN's Top Court Declares Environmental Protection a Legal Obligation Under International Law
"Crazy Thing": OpenAI's Sam Altman Warns Of AI Voice Fraud Crisis In Banking
Japanese Prime Minister Vows to Stay After Coalition Loses Upper House Majority
President Trump Diagnosed with Chronic Venous Insufficiency After Leg Swelling
Man Dies After Being Pulled Into MRI Machine Due to Metal Chain in New York Clinic
FIFA Pressured to Rethink World Cup Calendar Due to Climate Change
Iranian President Reportedly Injured During Israeli Strike on Secret Facility
Kurdistan Workers Party Takes Symbolic Step Towards Peace in Northern Iraq
BRICS Expands Membership with Indonesia and Ten New Partner Countries
Elon Musk Founds a Party Following a Poll on X: "You Wanted It – You Got It!"
AI Raises Alarms Over Long-Term Job Security
Russia Formally Recognizes Taliban Government in Afghanistan
Saudi Arabia Maintains Ties with Iran Despite Israel Conflict
Mediators Edge Closer to Israel-Hamas Ceasefire Agreement
Germany Seeks Taliban Deal to Deport Afghan Migrants
Emirates Airline Expands Market Share with New $20 Million Campaign
Robots Compete in Football Tournament in China Amid Injuries
×