Technalysis Research
 
USAToday Column


January 25, 2016
Biometrics is the latest shield against password hacks

By Bob O'Donnell

FOSTER CITY, Calif. — It’s a classic case of tradeoffs.

If you want to be completely secure when it comes to your digital devices and data, you need to endure the hassles of creating, maintaining, and updating a series of extremely complex passwords. How does a 40-character random set of letters, numbers, and symbols sound? Make a unique one for every device, website, service or application you need to log into, change each one on a daily basis, and you’d be about as digitally safe as you could ever hope to be.

Uh, right, well, as recent studies on passwords have shown, that’s not exactly what we do. Instead, the never-ending din for stronger passwords has led us from 1-2-3-4 to 1-2-3-4-5-6-7-8. Clearly, it’s time for something new.

Thankfully, there does seem to be progress occurring on several different fronts. At last week’s unveiling of Intel’s latest 6th generation Core CPUs for business PCs, for example, the company talked about its new Authenticate technology. Authenticate can allow companies that use these PCs to store biometric data — such as information generated by fingerprint scanners or, eventually, facial recognition software or iris scanners — and other login credentials in encrypted form, directly into the PC’s CPU, making it much more difficult for hackers to get in.

More importantly, this technology, and others like it, is intended to drive the use of multi-factor authentication, which is a fancy way of saying you need at least two keys to open your “digital house door,” not just one. With multi-factor authentication, you could require a fingerprint scan and the presence of your smartphone (which you initially register as being yours) when you’re in the office to log in, and add the need for a password or facial recognition scan as well when you’re working at home or from the road.

That way if your password isn’t strong, or your PC is lost or stolen, it would still be much tougher to get in. Best of all, these types of multi-factor authentication scenarios don’t require any additional effort on your part—the onus is placed on the technology, as it should be.

AMD, MICROSOFT
Vendors other than Intel are also driving some of these new security standards. AMD has TrustZone—a technology licensed from ARM, the UK-based chip licensing firm—onboard its latest CPUs that can be used for similar applications. Microsoft introduced facial recognition into Windows 10 with Windows Hello.

In addition to these new efforts in PC security, there have been a great many advances in the mobile world. Apple’s Touch ID and the integrated fingerprint scanner in many of Samsung’s phones and tablets, for example, have brought biometric authentication into the mainstream, with millions of people relying on these technologies every day to get into their smartphones.

There are also companies like Gemalto, one of the main creators of SIM cards used in smartphones, that are working on hardware-based device identity components. These products will eventually be embedded in all kinds of devices, including the enormous range of connected IoT products that will be arriving over the next several years.

What unites most of these device security efforts is that they’re all based in hardware—the concept is to create and store a secure “root of trust” that can then be used as one of the several “keys” that will be necessary to open and use devices and applications.

There have also been security developments in the web world. An industry consortium called the FIDO Alliance is helping to drive a standard means of passing the authentication credentials from your device’s hardware onto things like online shopping or banking sites. This can ensure that your digital identity stays secure as you move from hardware onto the web.

The trick with all of these new security efforts is to make them as seamless as possible. Just as using a constantly changing 40-character password isn’t a realistic option, neither is any other option that requires too much (or frankly, any) work on the user’s part. Creating scenarios where the authentication work is essentially done for you is the only real way for security to improve.

The fact is that no authentication method—whether biometric or password-based—is entirely secure. Any one method, by itself, can and will be hacked. Combining multiple methods, however, improves the situation tremendously. That’s why driving the use of multi-factor authentication is so critically important, especially when it takes into account all the different devices we regularly use, new technologies for identification, and how we normally behave (or don’t).

So, while the concept of using your face, through facial recognition, or some other form of biometric authentication as an adjunct way to improve the security of your devices and data may seem a bit odd at first, the truth is, it could become an essential part of how we interact with a more secure digital world.

USA TODAY columnist Bob O'Donnell is the president and chief analyst of TECHnalysis Research, a market research and consulting firm that provides strategic consulting and market research services to the technology industry and professional financial community. His clients are major technology firms including Microsoft, HP, Dell, and Nvidia. You can follow him on Twitter @bobodtech.

Here's a link to the original column: http://www.usatoday.com/story/tech/columnist/2016/01/25/biometrics-latest-shield-against-password-hacks/79287634/