Media Planet: Future of Business and Technology
June 8, 2017

Famous con man-turned-security consultant Frank Abagnale explains why data security norms are outdated and insufficient.

TIMES ARE CHANGING: Security consultant Frank Abagnale Jr. urges everyone to eliminate outdated methods, such as usernames and passwords, to sufficiently protect your data.

TIMES ARE CHANGING: Security consultant Frank Abagnale Jr. urges everyone to eliminate outdated methods, such as usernames and passwords, to sufficiently protect your data.

When I was in my teens, it was a challenge to masquerade as someone else. It required that I forge the right forms and credentials, even secure the proper costume. And all of this, which was long before the digital age, had to be done by hand and in person. In the last decade, fraud has changed; it’s entirely online. It is phenomenally easier to pretend to be another person when you’re behind a computer screen. All I need is your username and password.

Over the past 60 years, the avenues and tools that criminals use have migrated online and have gotten more sophisticated, while the biggest form of protection has remained stagnant. The static combination of a username and password is extremely easy to replicate and replay, giving criminals easy access to the important information stored online, from bank statements to medical records — even access to your social presence can be costly and damaging. Passwords are simply insecure. So why do we continue to use them?

1. Passwords are outdated

2. Authentication does not equal identification

3. Static information is our worst enemy

Any static information used to authenticate a customer can easily be stolen and compromised. Today the number one enemy lives within our devices in the form of malware. This nefarious technology “listens” to the information transferred from our devices and has the ability to “replay” this information to any relying party and gain access. Therefore, to avoid unauthorized access, organizations must consider dynamic methods which cannot be taken over by criminals in person or online.

Recently, the industry began to realize that passwords are not the solution to protect consumers and organizations’ assets. Leaders like Microsoft, Google and Facebook are experimenting with logins that don’t use passwords, and startups like Trusona are going a step further by not requiring usernames nor passwords. By combining their #NoPasswords login with anti-replay technologies it prevents malware replays. We need to see more companies taking action against passwords in order to better protect their customers and their bottom line.