If the Password Is Dead, What Replaces It?
When it comes to mobile security, what your phone says about you may be unique enough to pass for valid authentication
By: Harlan Hutson
Jun. 27, 2013 06:00 AM
When we talk about online security there's a school of thought that suggests you can either make it safe, or you can make it easy to use, but you can't have both. As we see a sharp rise in online fraud and identity theft it seems that traditional passwords are neither.
The 2012 Identity Fraud Industry Report by Javelin Research revealed a 13% jump in identity fraud in 2011 with 11.6 million victims in the U.S. alone.
Smartphones are proving particularly prone to the problem, with 7% of owners reporting identity theft. When you consider the way we use our smartphone nowadays, for everything from online banking, to electronic tickets, to loan applications, then you can see the inherent dangers of inadequate security. How do we find a system that is easy to use and very secure?
The Problem with Passwords
In a drive to make passwords more convenient there has been a growth in linked account options - single sign-ins that provide access to all of your accounts. That makes life easier for us, but it also makes life easier for hackers. Now all that's required to access your online life and steal your identity is access to one of your accounts. Cracking your email password gives cyber-criminals access to everything. Password reminder systems can be exploited and your entire digital life can be opened up.
Whatever way you look at it - passwords are not working. We need to find a better solution.
The Problem with Multi-Factor Authentication
This level of security has largely been confined to the enterprise thus far because it is expensive and difficult to implement. It's also rarely user friendly.
Rethinking Multi-Factor Authentication
Naturally there are a number of different potential solutions. Traitware employs a system called PhotoAuth that requires the user to input a pre-selected sequence of images by choosing from a grid of thumbnails. Not only is it numerically more secure than a PIN, it's also easier for us to remember and pick out an image than it is to memorize an arbitrary number.
This "something you know" is combined with "something you have" in the shape of a smartphone app that verifies a number of device traits, such as screen resolution and device name, with user traits, such as your address book or music collection. You're talking about an identity so unique it's 1 in 390 billion.
Is Biometrics the Future?
We will surely see biometrics develop and become more affordable in the future, but they are not ready for prime time just yet.
What About Right Now?
Reader Feedback: Page 1 of 1
SOA World Latest Stories
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
SYS-CON Featured Whitepapers
Most Read This Week