Symantec to say goodbye to passwords with biometric technology

In an effort to improve security, Symantec will be releasing a host of capabilities next year that will feature biometric technology instead of relying on passwords.

"The password is weak and crap," said Nick Savvides, Symantec ANZ business manager of information protection.

Speaking recently to media in Singapore, Savvides went on to say that having passwords -- no matter how complicated they are -- is not the ideal way for companies to protect themselves against online threats, as cybercriminals are getting better at what they do.

He added in particular with the rise of the Internet of Things, cloud, and mobility, businesses need to implement new security factors such as biometrics, whether it's voice, facial, or fingerprint, as well as key dynamics and geolocation to ensure they are protected.

Savvides said that over the next 12 months, Symantec will be releasing capabilities that utilise these new factors.

As a preview, Savvides revealed that Symantec will be enhancing its Symantec Validation and ID Protection (VIP) service with the introduction of VIP Everywhere. Due for release in the second half of 2016, VIP Everywhere will be designed, according to Savvides, to provide end-to-end authentication that will see "for the first time in a long time security and usability [become] friends". It will also be embedded into Norton, so that computers will have a unique Symantec identifier that can identify a user of a specific computer.

"Today we authenticate the user through VIP. We're now introducing the ability to feed in that continuous authentication with behaviour analytics; take telemetry from the apps while it's in use; make machine-learning decisions to determine whether I need to stop the user from performing an action, or do I just need to re-authenticate to make sure the device hasn't been hijacked," he said.

In addition, Symantec will be focused on "mobile hardening" with the launch of a technology called mobile application protection services, or MAPS for short. Savvides said the product has been designed with mobile app developers in mind, so that they can focus on the functionality of an app, and not the security aspect.

"[Security is] hard for mobile app developers. Why is that? Because mobile app developers are 25-year-old bearded hipsters who don't know how to write secure applications; they know how to write mobile apps," he said.

"They care about functionality; they don't care about security, so what we're doing is making the process of securing their application easier by giving it to them in a black box and saying to them: 'Just add this to your mobile app and Symantec will wrap it, so we'll ensure you'll use good cryptography, we'll ensure you do pinning, we'll ensure you do codification, and we'll ensure you'll detect when there is malware running on the device'."

Disclosure: Aimee Chanthadavong travelled to Singapore as a guest of Symantec.