Look! No PIN!

By Philippe Le Pape, VP Partnerships and Presales • Safran Identity & Security

Look! No Pin!

Why Killing The Password Is The Next Billion Dollar Industry.

With the countless data-breaches and password leaks popping up, such as the recent leak of customer accounts on multiple video game networks.

It's becoming increasingly difficult to live a safe life online relying on the password, as even the most intricate password is useless if someone finds it and posts it online.

That's why the two-factor authentication industry has exploded. It means in its most literal form a second way in which you verify that it's you logging in, from a text message or phone call to a pop-up on a separate device. Even though it adds a layer of friction to signing up to and logging into services, which can stop a (lazy) user from wanting to log in, the result is a far tighter security package. As long as you have your phone, the other person won't be able to log in.

An aggressive example of this was by Christopher Mims, a reporter for the Wall Street Journal. He published his password in a nationally-read print newspaper and turned on two-factor authentication. He revealed in a follow-up piece that two-factor worked in theory: that nobody got into his account, but Twitter publicly showed the number being pinged for the two-factor code. To quote Mims:

In other words, I think I proved my point: Even when I exposed my password in as public a fashion as possible, my account remained secure. Inadvertently, I also revealed an issue with Twitter's system that, should their engineers rectify it, will only make the system better.

Venture capital has followed--in the last few months, Duo Security raised $12m andAuthy raised $3m alone. In July, mobile identity firm TeleSign raised over $49 million, off the back of a successful two-factor authentication business that Forbes reports covers 9 out of 10 of the top web properties.

Some companies complain that two-factor authentication interferes with the overall usability of the web experience. However, a collaborative academic report by the Internet Society--combining the work of PARC (Xerox's research/development arm), University College London and Indiana University found that two-factor is perceived as usable, based on the cognitive strain, ease-of-use and trustworthiness required by a user.

There's little or no reason beyond wanting to slow down the flow of getting more users, and it's even become ridiculously easy to integrate two-factor into any app. In October TeleSign, potentially using some of the aforementioned funds, created a Free SDK for building Two-Factor Authentication into any app. While Duo offers a similar SDK, TeleSign is apparently focusing on the ease-of-integration, one of the many reasons that some apps that could use a more security interface haven't integrated two-factor.

Even then, there're still issues with two-factor. The Unofficial Apple Weblog warned of the new functionality in the latest Mac OSX that forwards texts directly to your computer--so that if someone happened to be using your computer with your password, or had access to your iMessages, they could get your two-factor codes. This is similar to those who happened to use their web-accessible Google Voice number to have their texts received in a browser, or using Motorola Connect with a supported phone to receive text popups.

Criminals are crafty and the result is that it's impossible to create an unbeatable solution. Clef last week received $1.6m in funding to focus on barcodes over the simple pins that you receive via SMS in most two-factor authentication situations. Killing passwords is a tough task--but it now even has heavyweights fighting the battle like Mastercard. Here's hoping.

Biometric 2016.

Gartner: Biometrics will sync with wearable boom

10/12/14

Influential research firm Gartner has predicted that as wearables become more mainstream, that biometric sensors will increasingly feature on them for authentication.

Wearable features will become less obtrusive, with by 30 percent of smart wearables will be completely unapparent to the eye by 2017, says Gartner

Biometrics will be playing an increasing role in the technology.

“By 2016, biometric sensors will be featured in 40 percent of smartphones shipped to end users”, finds Gartner.

“Fingerprint scanning will be the primary biometric feature introduced by most vendors, given its intuitive and unobtrusive usage. Other biometrics such as facial, iris, voice and palm vein authentication will also emerge but will remain relatively niche.”

Wearables will also feature biometrics as coupling devices to smartphones, with Gartner saying they will mostly obtain the biometric information to be passed onto the smartphone where the intelligence and authentication take place.

In October, Research and consultancy firm Goode Intelligence predicted that wearable technology will drive a “second wave” of adoption of biometric authentication following its more widespread use on smart devices.

“We believe that smartphones and tablets will be the first wave of consumer devices to be biometrically-enabled and this will quickly be followed by wearable technology” said Alan Goode, author of the report and founder of Goode Intelligence.