Once again, Google is blazing a new technology path, not necessarily by innovating, but by having the size and influence to make change happen in an industry that seems at times to get stuck in a vicious circle. In this particular case, technology has been navel-gazing on the password issue for years despite having the solution in hand decades ago: multi-factor authentication. In its simplest and best-known form, you have probably been using two-factor authentication for years without even realizing it: your ATM card and PIN. In MFA terms, this is “something you have” (your ATM card) and “something you know” (your PIN). Without both present, authentication doesn’t happen.
Using its thousands of employees as guinea pigs since early 2013, Google is testing a technology platform it plans on releasing in 2014 based on MFA. The “something you have” in this case is a small USB fob that is paired with your user login and a simple 4-digit PIN (“something you know”) that authenticates you on a computer or an NFC-capable mobile device. If this sounds familiar, it may be because this device I wrote about previously does essentially the same thing. Instead of having to remember a bunch of different passwords, whenever you needed to prove who you are on the web or in an app, you could plug in your Yubikey (or tap your Nymi!) and voilà, “Identity Verified!”
What this means for you:
The Yubikey Neo isn’t available yet, and Google hasn’t given a firm date as to when it will be available other than “2014”. Also, the utility of the device is highly dependent on a wide variety of services adopting the authentication platform, so even if they made it available as early as next month, you may find it to be somewhat useless until your favorite providers implement the technology, if they do at all. If you want to show your support for the death of the password, you may want to jump on the Nymi bandwagon, as even if the product never gets widely adopted, you can still accessorize with a wearable conversation piece!
Anyone who’s watched a Hollywood thriller in the past three decades is familiar with biometric scanners, and along with them, the various means movie villains have used to subvert these systems, including methods that would be horrifying to consider when applied in real life. Now that the new iPhone 5s has a fingerprint scanner, those of us with more vivid imaginations have envisioned a new rash of thefts paired with bodily mutilations. Fortunately for everyone, the manufacturers of the fingerprint scanner on the new iPhone have stated quite clearly that the only way the scanner will register a proper fingerprint is if the finger is still attached to its living owner.
What this means for you:
It’s too soon to tell whether or not the technology in Apple’s latest smartphone is subject to the same hacks that rendered earlier incarnations useless for serious authentication. There are also concerns that Apple, or even the NSA, could be gathering fingerprints for their super-surveillance database. Given all the attention the NSA has already received regarding its privacy invasions, it’s a safe bet that they are going to steer clear of this particular minefield (at least for the time being), and Apple is also savvy enough to avoid alienating its passionate fanbase with such a heavy-handed misuse of their personal privacy.
Frankly, if the convenience of the fingerprint authentication gets you to secure your iPhone where before you did not, then I’m already a fan. For you Android users out there jealous of Apple’s spy gadget tech, have a look at Nymi, and watch for other biometric gadgets to arrive, especially now that Apple is trying to make them sexy again. You should always secure your mobile devices, especially if you use them to access email or work data. As we can all attest, passwords and PINs are a big hassle, especially when you are on the go, but you should never let your phone out of the house without one.