The End of the Password: Thoughts on Two-Factor Authentication

May 24th, 2013 | Articles, Industry News, Job Search, Workplace Resources | No Comments »

password3

August 3rd, 2012 wasn’t a particularly stellar day for Matt Honan, senior writer with Wired Magazine. It was the day that all of his personal accounts (Google, Twitter, Apple, etc.) were hacked by a group hell bent on wreaking havoc with his digital life. Just for fun. Like many other tech-savvy users, his password was complex enough to withstand any brute force attack (it wasn’t 1234, his wife’s name, or his favorite member of House Lannister). His account fell due to two major problems: the daisy-chaining of his digital accounts and major gaps in account authentication.

The first problem is in the hands of the user but the second may lead businesses to put the old password (single-factor) authentication system out to pasture and replace it with a more secure two-factor authentication system.

What to expect from two-factor authentication

We are already beginning to see tech giants opt for the two-factor authentication. Twitter & Google have both implemented a system that sends a six-digit login code via SMS to your phone or alternate email account when you attempt to login from a new device or terminal. Facebook is toying around with the idea of users identifying pictures of their friends before entering their account.

Biometrics are even cropping up in greater numbers. McAfee has introduced face & voice authentication into their LiveSafe security service through built-in microphones & web cams in users’ laptops. Some are even experimenting with cornea scans, hand print, and brainwaves identifications an options for two-factor authentication. The success of any of these methods depends entirely on both the consumer & business markets.

Will it actually take off?

On the consumer side, some question how quickly this technology will be accepted. Though Twitter, Google, & Facebook may require only a bit of time to acclimate, any widespread biometrics authentication is going to be a much harder sell. For one, previous attempts to implement biometric authentication (think of the Sony Vaio fingerprint sensor) were fraught with debilitating sensor issues. Plus, most human beings are creatures of habit.

According to Alex Salazar, CEO of digital security company Stormpath, the password isn’t dead & gone quite yet. “Many of these other forms of authentication that people are experimenting with require an extra step, or two, or three and you don’t see a lot of appetite from consumers.” Consumer technology is all about simplicity and two-factor authentication systems can be contrary to that belief.

On the corporate side, businesses cannot afford to be as fickle, so the greatest changes in user authentication will begin in this sector. With client & business data increasingly stored in cloud databases with greater accessibility from across the web, one-factor authentication is no longer enough.

That’s why, you may soon see two-factor authentication like SMS or biometric systems creep into your office; they can handle the modern world in ways that standard passwords and security questions can’t. So, soon enough, you may see the stuff of every espionage film appear in your work authentications. Are you ready?

by James Walsh

[Photo Credit]

Comments