If someone enters the right credentials, that’s good enough for any website. Simple username/password is the most popular way hackers gain entry. For business, shared passwords are an ongoing headache and risk.

You’ve almost certainly done it too. You’ve impersonated someone, or someone else has impersonated you with your help. Have you ever….

1.       Shared your banking login with your spouse

2.       Used team passwords at work

3.       Shared passwords for a family photo sharing account

4.       Shared passwords for individual iTunes accounts to share music

5.       Shared passwords for a household device or appliance

6.       Asked a friend to log you in to a timeclock when running late

7.       Shared your email password with a significant other to show your commitment

 

So, you’re guilty of credential fraud. Most of us are.

We don’t think about sharing credentials with people we trust. And the system doesn’t know the difference. There is no identity authentication. Simply verification that someone typed in the right password. Everyone is the same to the system. All it takes is that PIN and password.

The only way to tell who is who online is with authentication. Authentication determines the actual person who is logging in by adding additional steps to determine identity. You’ve probably answered challenge questions or entered an SMS code you were sent to prove your identity before accessing a site.

But answering a question about the city you were born in or mother’s maiden name is easily discovered. And an SMS code only verifies the device attached to the account, not the person. Have you ever shared your phone passcode…? You get the drift.

How does business handle the need for real authentication? Not that well. Its continuing reliance on usernames and passwords (SSO) is baked in. So shared and stolen passwords are a continuing threat. With employees always coming and going and using different devices, managing identity is a complex problem.

The only way to be truly sure about someone’s identity is to use a biometric to identify them.

·         Biometrics are unique body characteristics like fingers or irises

·         They don’t change

·         They are, by far, the strongest way to identify a person

If you use a fingerprint to unlock your phone, it works on your device because you have a fingerprint reader in your hand. But it won’t work for online accounts. 

Consumers can’t press their finger on any screen to access a shopping site or  bank. Not without hardware like a fingerprint reader to plug into a device, read the fingerprint and send it to the site which has to authenticate the print.

If a company had 100,000 users it needed to authenticate, the hardware investment alone would bankrupt them.

Many people don't realize that there is an affordable way to use biometrics online without hardware. 

BioSig-ID is a new way to use biometrics without hardware or downloads. It's a biometric Smart Password. Users have everything they need to login in the palm of their hand. Only the rightful user can enter the password which is drawn with a finger (touch enabled screen) or a mouse.  It's 99.97% accurate at stopping imposters , stolen passwords and password sharing. It’s also great at identifying the correct person – 99.78%. This ensures a smooth user experience without frustration. Login using a 4 character password takes only about five seconds. 

Whether a site takes online payments, holds sensitive medical records or transfers large sums of money – biometric authentication is the only way to be sure the right person is using the credentials. If you've hacked your way in with a shared password, bad guys can do it too because typed passwords are inherently unsafe.