Companies will need to eventually phase out passwords and adopt authentication technologies that are more secure and user-friendly, says UBS senior executive Ollivier Schraner. The bank is said to be building a no-password environment that will leverage biometric and proximity-based capabilities
Passwords were once considered the first line of cyber defense.
But companies are now moving to adopt advanced online authentication capabilities that provide greater security and a more user-friendly experience.
"There are just two types of passwords: bad and very bad ones. The bad ones are the simple ones that you can crack easily, and the very bad ones are the ones that are so complex that you need to write them down," said Ollivier Schraner, the bank's CTO for Infrastructure and Security.
"So for us it's clear we need to ultimately need to get away from passwords," he said, predicting it will take a number of years for vendors to change the password system incorporated into their solutions.
"Clearly the next step is multi-factor capability and ultimately that's getting us into a position where we can start removing the password as one of the factors and start using technologies that are more user-friendly, that are actually cheaper if you look at it from a total cost of ownership perspective."
He made the comments in a discussion with Mickey Boodaei, CEO and founder of Transmit Security.
According to Schraner, there is a significant amount of technology on both the provider side and on the UBS side that will need to be adapted, which will take a few years, although some key systems are already in a position to operate without a password today.
"We're building a new compound in Asia. We're piloting what we call a friction-less security approach, which essentially from the time you enter the building, when you get to the work station, when you start working with applications, we are building an environment where there is no password required, leveraging some of the biometric capabilities in our products and exploring on the leading edge, sometimes, proximity-based authentication capabilities that need to be integrated."
The UBS executive said that the creation of the right kind of trust and data protection environment is a top priority for the company today, and probably will remain so for the next few years, because identity and authentication is a key part of the user experience with UBS platforms. "If you get it right, you create a good experience. If you get it wrong, you'll probably see customers leaving, and employees being frustrated."
Part of the bank's strategy is balancing usability and security, he said.
"We now have the technical abilities to be actually enabling new business models because you can create an environment easily where customers feel comfortable using advanced security measures. I think that is going to be changing the entire landscape of identity and authentication management."
"Now with everything that's happening , the press we get, about incidents of people's data being stolen, people's identity being hijacked, it actually has become a business advantage for us, offering them advanced authentication capabilities, creating a positive user experience, and essentially helping them sort out the security requirements they have as a retail or corporate client. So I do think the market is changing and obviously we want to be on the leading edge of that change," he said.
Passwords are a key part of banking, shopping, e-mail, social media and other online services used by people around the world each day.
But millions have had their personal information compromised by data breaches in recent years as a result of stealing, phishing or brute force attacks, among others.
