Shared Credentials Means You’re Guilty of Hacking


If someone enters the right credentials, that’s good enough for any website. Simple username/password is the most popular way hackers gain entry. You’ve almost certainly done it too. You’ve impersonated someone, or let someone else impersonate you. You’ve shared credentials. Have you ever…

1. Shared your banking login with your spouse
2. Used team passwords at work
3. Shared passwords for a family photo sharing account
4. Shared passwords for individual iTunes accounts to share music
5. Shared passwords for a household device or appliance
6. Asked a friend to log you into a timeclock when running late
7. Shared your email password with a significant other to show your commitment

So, you’re guilty of credential fraud. Most of us are.

We don’t think about shared credentials as risky with people we trust. But the system doesn’t know the difference. There is no identity authentication, just verification that someone typed in the right password. Everyone is the same to the system. If the PIN and password match, it’s a green light.

The only way to tell who is who online is with authentication. Authentication determines the actual person who is logging in. You’ve probably answered challenge questions or entered an SMS code you were sent to prove your identity before accessing a site.

But the answer to a question about the city you were born in or your mother’s maiden name is easily discovered. And an SMS code only verifies the device attached to the account, not the person. Have you ever shared credentials like your phone passcode…? You get the drift.

How does business handle the need for real authentication? Its continuing reliance on usernames and passwords (SSO) is baked in. So shared and stolen passwords are a continuing threat. With employees always coming and going and using different devices, managing identity is a complex problem.

The only way to be truly sure about someone’s identity is to use a biometric to identify them. Biometrics are, by far, the strongest way to identify a person. But they usually require hardware.

For example, if you use a fingerprint to unlock your phone, it works on your device because you have a fingerprint reader in your hand. But it won’t work for online accounts.

Consumers can’t press their finger on any screen to access a shopping site or bank. Not without hardware, such as a fingerprint reader that plugs into a device, reads the fingerprint and sends it to the site, which then has to authenticate the print. If a company had 100,000 users it needed to authenticate, the hardware investment alone would bankrupt them.

Many people don’t realize that there is an affordable way to use biometrics online without hardware. BioSig-ID is a biometric Smart Password. Only the rightful user can enter the password, which is drawn with a finger (on a touch-enabled screen) or a mouse. It’s 99.97% accurate at stopping imposters, stolen passwords and password sharing. It’s also great at identifying the correct person – 99.78%. This ensures a smooth user experience without frustration. Login using a 4-character password takes only about five seconds.

Whether a site takes online payments, holds sensitive medical records or transfers large sums of money – biometric authentication is the only way to be sure the right person is using the credentials. If you’ve hacked your way in with a shared password, bad guys can do it too because typed passwords are inherently unsafe.