If the Password Is Dead, What Replaces It?
When it comes to mobile security, what your phone says about you may be unique enough to pass for valid authentication

When we talk about online security there's a school of thought that suggests you can either make it safe, or you can make it easy to use, but you can't have both. As we see a sharp rise in online fraud and identity theft it seems that traditional passwords are neither.

The 2012 Identity Fraud Industry Report by Javelin Research revealed a 13% jump in identity fraud in 2011 with 11.6 million victims in the U.S. alone.

Smartphones are proving particularly prone to the problem, with 7% of owners reporting identity theft. When you consider the way we use our smartphones nowadays, for everything from online banking, to electronic tickets, to loan applications, you can see the inherent dangers of inadequate security. How do we find a system that is easy to use and very secure?

The Problem with Passwords
For years now we have been lectured on the importance of creating long, complicated passwords using a mix of letters, alphanumeric characters and symbols. We were told that this would safeguard our security and prevent hackers from gaining access to our online life. In effect it left us having to manage a long list of complex passwords. How do you remember them? How do you store them safely? The whole process is no longer user friendly.

In a drive to make passwords more convenient there has been a growth in linked account options - single sign-ins that provide access to all of your accounts. That makes life easier for us, but it also makes life easier for hackers. Now all that's required to access your online life and steal your identity is access to one of your accounts. Cracking your email password gives cyber-criminals access to everything. Password reminder systems can be exploited and your entire digital life can be opened up.

Whatever way you look at it - passwords are not working. We need to find a better solution.

The Problem with Multi-Factor Authentication
Authenticating your identity is the trick and two-factor authentication is already popular. The idea is to combine a request for two or more factors whenever you log in. Factors break down into three categories:

  1. Knowledge - something you know
  2. Possession - something you have
  3. Biometric - something you are

This level of security has largely been confined to the enterprise thus far because it is expensive and difficult to implement. It's also rarely user friendly.

Rethinking Multi-Factor Authentication
Why does it have to be expensive? What makes it difficult to roll out? Why should it be so cumbersome to use? The whole topic just needs a new perspective and it's something that a number of companies are addressing. The FIDO Alliance includes Google and PayPal among its members and it aims "to address the lack of interoperability among strong authentication devices as well as the problems users face with creating and remembering multiple usernames and passwords."

Naturally there are a number of different potential solutions. Traitware employs a system called PhotoAuth that requires the user to input a pre-selected sequence of images by choosing from a grid of thumbnails. Not only is it numerically more secure than a PIN, it's also easier for us to remember and pick out an image than it is to memorize an arbitrary number.

This "something you know" is combined with "something you have" in the shape of a smartphone app that verifies a number of device traits, such as screen resolution and device name, with user traits, such as your address book or music collection. You're talking about an identity so unique it's 1 in 390 billion.
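To make the combination concrete, here is an added sketch (not TraitWare's algorithm and not code from the article) of a server that enrolls an ordered image sequence as the knowledge factor and device and user traits as the possession factor, then requires both at login. The function names, the 80% overlap threshold and all sample values are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

DEVICE_TRAITS = ("screen_resolution", "device_name")   # stable: must match exactly
USER_TRAITS = ("address_book", "music_collection")     # drift: partial match allowed

def _tag(key, value):
    # Keyed hash, so the server record never holds raw trait values.
    return hmac.new(key, value.encode(), hashlib.sha256).digest()

def _knowledge(salt, images):
    # Order matters; a slow KDF because the sequence is a low-entropy secret.
    return hashlib.pbkdf2_hmac("sha256", "|".join(images).encode(), salt, 100_000)

def enroll(key, traits, images):
    """Build the server-side record for one user/device pair."""
    salt = os.urandom(16)
    record = {"salt": salt, "knowledge": _knowledge(salt, images)}
    for name in DEVICE_TRAITS:
        record[name] = _tag(key, traits[name])
    for name in USER_TRAITS:
        record[name] = {_tag(key, item) for item in traits[name]}
    return record

def verify(key, record, traits, images, min_overlap=0.8):
    """Return the list of failed checks; an empty list means both factors passed."""
    failed = []
    if not hmac.compare_digest(record["knowledge"], _knowledge(record["salt"], images)):
        failed.append("knowledge")
    for name in DEVICE_TRAITS:
        if not hmac.compare_digest(record[name], _tag(key, traits[name])):
            failed.append(name)
    for name in USER_TRAITS:
        # Contacts and music change over time, so require only a share of the
        # enrolled items to still be present (threshold is an assumption).
        seen = {_tag(key, item) for item in traits[name]}
        overlap = len(record[name] & seen) / max(len(record[name]), 1)
        if overlap < min_overlap:
            failed.append(name)
    return failed

# Constructed sample data (not real device values).
KEY = b"server-side-secret-placeholder"
PHONE = {"screen_resolution": "1080x1920", "device_name": "alice-phone",
         "address_book": ["bob", "carol", "dave", "erin", "frank"],
         "music_collection": ["track-a", "track-b", "track-c", "track-d", "track-e"]}
IMAGES = ["cat", "bridge", "apple", "kite"]
RECORD = enroll(KEY, PHONE, IMAGES)
```

A correct image sequence replayed from a different device fails the possession checks, and the right device with the images in the wrong order fails the knowledge check, which is the property the two-category rule is meant to give.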

Is Biometrics the Future?
Taking things one step further, we have biometrics as a possibility that could be the ultimate proof of personal identity. It seems Apple is looking at fingerprint readers after acquiring AuthenTec. BlackBerry has been exploring fingerprint scanning and even iris recognition. Other solutions like ConfidentID Mobile are trying to combine traditional PIN entry with voice, face and palm image matching. However, Google's easily spoofable "Face Unlock" feature, which could be fooled by a photograph of the person, highlights the difficulties in establishing user-friendly biometric systems that are genuinely secure.

We will surely see biometrics develop and become more affordable in the future, but they are not ready for prime time just yet.

What About Right Now?
The age of the username and password is almost certainly at an end. There is a general consensus that we need a new system. Manufacturers and service providers recognize that in order to persuade us to put our trust in mobile transactions, we'll need to trust that they are secure. Authentication is the key, but there are so many potential methods of verifying our identity that it's not easy to put your finger on the right solution just yet.

About Harlan Hutson
Harlan Hutson is president of Acuity Systems, developers of TraitWareID, a mobile authentication app that links the identity of users with certain personality traits of their devices, then ties the device and user with an Identity Binding Token. The IBT can act as a virtual token, or proxy for the authenticated end user in any transaction. For more information please visit http://www.traitwareid.com.

Reader Feedback

CertiVox wrote: Usernames and Passwords are history! CertiVox.com has just launched an open source solution, available to everyone, called M-Pin. This technology allows your website or app to have ATM-like cryptology which will reduce authentication costs by up to 93% and banish usernames and passwords forever. It enables users to authenticate using a simple, ATM machine UI PIN pad, rather than a username and password. Infinitely easier – but also infinitely more secure – than username and password.

M-Pin is two-factor authentication but without the cost of hardware tokens, user training and complex deployments. Owners of web, cloud and mobile applications can now get rid of their username / password vulnerabilities, bad user authentication experiences and the expense of password management systems. With the knowledge that the M-Pin System essentially makes any HTML5 browser into a strong authentication client that authenticates to the open-source M-Pin Server, which only stores one leak-proof cryptographic key, thus replacing the username/password database. If the key is compromised somehow, it reveals no details about end-users on the system.

Surely this kind of technology is where we can finally embrace proven strong authentication and eradicate the password fatigue. Anyone can download the open source M-Pin server at http://www.certivox.com

