Skip to content
Who's in the Video

Frank W. Abagnale

Frank W. Abagnale is one of the world's most respected authorities on the subjects of forgery, embezzlement and secure documents. Mr. Abagnale has been associated with the FBI for over[…]

FRANK W. ABAGNALE: Passwords are for treehouses. Many, many years ago I wrote that comment and I live by it today. Passwords were invented in 1964. I was 16 years old. I didn't even do any of the things I had done yet. And today I'm 71 years old and we are still using passwords. When we look at ransomware and when we look at malware and we look at breaches about 86 percent of the time it is a cause of passwords. Passwords were the root of the problem to begin with. We really need to move away from passwords and consequently we've now developed the technology to do just that. You're starting to see now companies very quickly eliminate the need for passwords. You may have seen an ad recently with Serena Williams running through a marketplace. She's in her jogging outfit. She sees a necklace she likes. She only has her phone so she walks over to a bank's ATM, she presses the bank's app on her phone, she gets her money - no password, no card. That's a technology called Trusona which stands for true persona of the individual.

Recognizing the individual by their device and doing it accurately. And so the airlines are switching, banks are switching, companies are switching to eliminate – universities are doing away with passwords from students. I think in the next two or three years we'll see passwords go away and that's long overdue. We should have done that a long time ago. When we get to technologies with inside companies that's the problem today. Most companies don't do a lot of that technology because one, it's costly and two, they're under this influence that it can never happen to me, I'm a small business. If you're a small business it's 48 percent more chance that it's going to happen to you than it's going to happen to big Fortune 500 company. But companies have that attitude that it's not going to happen to me. I don't want to spend the money to update my technology and my system. I don't even want to train my employees.

And that's why I think if you're taking that attitude, that attitude is kind of negligent and I think you should be held responsible if, in fact, someone does get that information and causes harm to your customer or your citizen or your client.