PASSWORDS AND FUTURE TECHNOLOGY

There is almost nothing that can be done on a computer without a username and password. You need a password to read news online, for social media, email, online banking, shopping, airlines and more. The problem is that almost every web site has a different set of characteristics required for a password. Some use letters, numbers and maybe even symbols too. Plus, most sites require a password change on a periodic basis, which can get quite annoying as you try to figure out which one to use now. We did a search on how many different user-names and passwords the average person has to keep track of and were surprised by how low it was. Maybe that is because those of us who work in the financial sector have so many more passwords and log in IDs than the average person. In point of fact, a 2012 survey of 2,000 American adults found 50% of respondents had 5 or more user-names and passwords and 33% had more than 10. The survey also found 38% of those polled would rather scrub toilets than come up with another unique log-in and password. The resulting human behavioral oddity for most of us is to keep a list of passwords hidden somewhere - preferably not on a card entitled Passwords in the "P" section of our rolodex. In the end, not very secure. Security is made even more difficult when people use the same password for more than one web site, which is also very common. A recent BitDefender study found 75% of people use the same social networking and email account usernames and passwords. By hijacking an email account, a hacker can simply use "password help" to get access to everything from bank accounts to social media sites. There is hope in technology to solve this issue perhaps. In fact, a number of European countries have approached the problem with an electronic ID (Finland was first and now there are 16 in all). This ID combines something you carry with you like a card or your phone, with something you know, like a password. This digital ID can then be used for state functions like voting or taxes, or for ecommerce like banking, shopping or bill-pay. There is particular interest in this technology in countries with large populations as it circumvents the need to issue physical IDs, much in the same way that cell phone technology removed the need to install more land lines. Currently India has about 25% of its population in one of the world's most sophisticated ID systems, which includes fingerprints and iris scans. In Dec., Visa said people living there will be able to withdraw cash from ATMs using fingerprint readers, with verification coming from a national biometric database. Other countries more wary of government-run identity registers have turned to verification processes developed by business. These could verify a person's identification to a large number of sites, rather than having to create separate user-names and passwords for each. To achieve broad acceptance, however, there must be common identification standards. A US government sponsored organization begun in 2011 is working to bring this about - the National Strategy for Trusted Identities in Cyberspace. The objective is to have 50% of Americans using a multipurpose log-in by 2016. Banks spend enormous effort and resources protecting customers from thieves of all varieties. Internet and mobile banking security remain vulnerable and efforts to make sites more secure typically produce more customer inconvenience. As this new technology takes hold, banks should prepare to lead.