The new age of "visual" security

Why password protection needs to evolve with consumer behaviour

This is a contributed piece by Geoff Anderson, Co-Founder, PixelPin

The visual web is taking over, 70% of all Facebook activity is based on photographs; on Instagram 26 photos are uploaded every second and Pinterest gains more monthly usage than Twitter, Facebook and LinkedIn combined.

It’s not surprising when we consider that our brains process visuals 60,000 times faster than the written word and what we see impacts our emotions and memory. According to Research by Simply Psychology, words are processed by our short term memory and need to be accessed sequentially to recall, but images are stored in our long term memory, imprinted from the very first moment and can be recalled more easily.

In fact, Dr.Lynell Burmark at Thornburg Center for Professional Development said:  “Unless our words, ideas and memories are hooked onto an image, they will go in one ear, sail through the brain and go out the other ear.”

With that in mind, it’s clear the way in which we create password protection needs to evolve and change to fit the way consumers absorb information. It’s time security begins to adapt to harness the advantages of images and the visual web to solve the weakest part of a modern security solution.

Introducing the visual security era

As our lives shift into the digital world, we have to create and remember different passwords to access all areas of our lives: shopping, banking, social networks.  As a result, keeping that data safe and secure is arguable the biggest challenge facing commerce, governments and citizens alike.

We know that passwords are not the best choice for that protection; they can be hacked, phished, or dictionary attacked. Most of all, they’re hard to remember and difficult to use on mobile devices. Worse still, to avoid recalling passwords, we lean towards using the same one across multiple locations. In 2014 the cost of online password breaches reached almost $200 billion – clearly demonstrating that current solutions are falling short of properly protecting personal and financial information.

The use of “single sign-on” methods, where a user enters one login mechanism i.e. name and password in order to access multiple applications, is considered user friendly and predominantly used by social media – with 83% of password log-ins coming through Facebook and Google. This method of protection needs to change as often these services are used in exchange for personal data.

As a way to combat the flaws of pass ‘words’ and single sign on, the industry has made attempts to move to  picture based alternatives. For example, Microsoft developed a device login version for Windows 8 and 10, but with only three inputs and working on a series of grids rather than pixels means it is significantly less secure.  Moreover, as it’s only available for Windows, it does not offer multi-device convenience.

An additional layer of protection can come from a one-time password that is sent to a smartphone. The obvious limitation of course is that it’s not applicable whilst signing in on that device. Equally, hardware tokens, such as those used by banks, are expensive and password managers suffer from the same paradigm flaws as the password.

Now, companies such as Google, Samsung and Apple are working on biometric solutions but these have come under heavy criticism due to hardware limitations, cost and also the huge security risk that you cannot change your fingerprint if the system is hacked.

These developments show that there is no silver bullet to security but moving to an image based solution could be the most realistic solution to enable consumers to better protect themselves with a method that works in tandem with their own personal behaviour.

Why personalisation is the key

Customer facing businesses must look to safer authentication while keeping pace with a turbulent and growing cyber landscape. This year we can expect to see the democratisation of security - it’s no longer a conversation just for the tech-savvy. How can security solutions be simple, elegant and usable by everyone?

In the age of the visual web we know that security isn’t solved by technology alone and security must work in tandem with consumer behaviour. By leveraging the power of visual memory recall and emotion, security solutions can be created to call on the hyper-visual parts of our brains and solve the problem of passwords. Designed with personalisation and user experience in mind, these third party solutions can address the need for secure authentication as well as remain appealing to a changing consumer landscape.