At the beginning of August 2016, Yahoo confirmed that a data breach from 2014 had hit 500 million users, giving hackers access to sensitive information, including poorly encrypted passwords. The account information may have included names, email addresses, telephone numbers, dates of birth, and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that the stolen information did not include payment card data or bank account information; however, even though some of the stolen passwords may be encrypted, data dumps like this tend to be decrypted reasonably quickly.
To address this issue, Yahoo encourages users to review their online accounts for suspicious activity and to change their password and security questions/answers immediately. However, the question here is whether changing passwords is enough for Yahoo to protect its data, when in fact many businesses and enterprises are looking for technologies more sophisticated than passwords to secure data and maintain network security. The first reason is that passwords are prone to hacking. According to JumpCloud (2015), thanks to new password crowd-hacking technologies, it takes an average of 5.5 hours to hack an eight-character password. Moreover, another problem with passwords is that when a password is tied to something personal, for example a birthday or a spouse's or child's name, it is easy to remember, which also means it can be easily guessed by a potential intruder. Conversely, some people make their passwords so complex that they are easily forgotten. In other words, the possibility of information being stolen again is very high if Yahoo continues to rely on passwords alone to protect its data.
Based on the case of Yahoo, the rise in security breaches and the increase in sophisticated hacking attacks on sensitive information have raised demand for a stronger and more secure Single Sign-On (SSO) for information access. Because password-cracking techniques are increasing in sophistication, there is a strong need to implement SSO integrated with biometrics, which provides stronger security and reliability. In other words, the use of biometrics as an alternative to passwords, or in combination with passwords as two-factor authentication, is now considered more secure for preventing data breaches caused by existing, weak password protocols. Specifically, biometrics identify a person accurately and relieve users of having to remember passwords. Biometrics can also provide convenient access to information anytime and anywhere it is needed. Finally, biometrics are unique to every individual and prevent unauthorized access by others who may have the means to steal passwords.
The use of biometrics to replace passwords or to secure password management is helpful for both users and enterprises. For end users, biometric password management raises authentication accuracy by ensuring that the right person has access to the right information. Therefore, it prevents an unauthorized person from gaining access to sensitive data. Governments, enterprises and businesses, meanwhile, can reduce password management difficulties by providing a more secure method of authentication. This reduces the need for the IT department to reset passwords, lowering administrative expenses and saving resources. According to a Kaspersky Lab survey, depending on the size of the organization, the cost of lost financial data ranges from $66,000 to $938,000. Deploying a biometric SSO solution can therefore help avoid such incidents and the financial losses resulting from data security breaches.