How AI can improve user experience and security for the finance industry - Help Net Security

For the last 50 years, the fundamental and largely unchanged model for identifying and authenticating users has been based on the combination of a username and password, sometimes augmented with "second factor" techniques. While this approach has mostly served financial and other high-security industries well, it's increasingly shown to suffer from five drawbacks: For example, it's well known that "passphrases" are more secure than "passwords." But with advent of mobile apps, user preferences have shifted to make these the most frequently-used access modes, making passphrases more impractical. Even when services enforce their own complex password requirements, "forgotten username and password" reset mechanisms often fall back to less secure personal email accounts as the primary identity verification point. For example, an unattended laptop or misplaced mobile phone may provide a malicious user with a window of opportunity to access services the victim has already signed into. Fortunately, there is an emergent approach that can address these concerns by shifting emphasis from asking "do we recognize the user's username and password?"