
If the Password Is Dead, What Replaces It?

When it comes to mobile security, what your phone says about you may be unique enough to pass for valid authentication

When we talk about online security there's a school of thought that suggests you can either make it safe, or you can make it easy to use, but you can't have both. As we see a sharp rise in online fraud and identity theft it seems that traditional passwords are neither.

The 2012 Identity Fraud Industry Report by Javelin Research revealed a 13% jump in identity fraud in 2011 with 11.6 million victims in the U.S. alone.

Smartphones are proving particularly prone to the problem, with 7% of owners reporting identity theft. When you consider the way we use our smartphones nowadays, for everything from online banking, to electronic tickets, to loan applications, you can see the inherent dangers of inadequate security. How do we find a system that is easy to use and very secure?

The Problem with Passwords
For years now we have been lectured on the importance of creating long, complicated passwords using a mix of letters, alphanumeric characters and symbols. We were told that this would safeguard our security and prevent hackers from gaining access to our online life. In effect it left us having to manage a long list of complex passwords. How do you remember them? How do you store them safely? The whole process is no longer user friendly.

In a drive to make passwords more convenient there has been a growth in linked account options - single sign-ins that provide access to all of your accounts. That makes life easier for us, but it also makes life easier for hackers. Now all that's required to access your online life and steal your identity is access to one of your accounts. Cracking your email password gives cyber-criminals access to everything. Password reminder systems can be exploited and your entire digital life can be opened up.

Whatever way you look at it - passwords are not working. We need to find a better solution.

The Problem with Multi-Factor Authentication
Authenticating your identity is the trick and two-factor authentication is already popular. The idea is to combine a request for two or more factors whenever you log in. Factors break down into three categories:

  1. Knowledge - something you know
  2. Possession - something you have
  3. Biometric - something you are

This level of security has largely been confined to the enterprise thus far because it is expensive and difficult to implement. It's also rarely user friendly.

Rethinking Multi-Factor Authentication
Why does it have to be expensive? What makes it difficult to roll out? Why should it be so cumbersome to use? The whole topic just needs a new perspective and it's something that a number of companies are addressing. The FIDO Alliance includes Google and PayPal among its members and it aims "to address the lack of interoperability among strong authentication devices as well as the problems users face with creating and remembering multiple usernames and passwords."

Naturally there are a number of different potential solutions. Traitware employs a system called PhotoAuth that requires the user to input a pre-selected sequence of images by choosing from a grid of thumbnails. Not only is it numerically more secure than a PIN, it's also easier for us to remember and pick out an image than it is to memorize an arbitrary number.

This "something you know" is combined with "something you have" in the shape of a smartphone app that verifies a number of device traits, such as screen resolution and device name, with user traits, such as your address book or music collection. You're talking about an identity so unique it's 1 in 390 billion.

Is Biometrics the Future?
Taking things one step further, we have biometrics as a possibility that could be the ultimate proof of personal identity. It seems Apple is looking at fingerprint readers after acquiring AuthenTec. BlackBerry has been exploring fingerprint scanning and even iris recognition. Other solutions like ConfidentID Mobile are trying to combine traditional PIN entry with voice, face and palm image matching. However, Google's easily spoofable "Face Unlock" feature, which could be fooled by a photograph of the person, highlights the difficulties in establishing user-friendly biometric systems that are genuinely secure.

We will surely see biometrics develop and become more affordable in the future, but they are not ready for prime time just yet.

What About Right Now?
The age of the username and password is almost certainly at an end. There is a general consensus that we need a new system. Manufacturers and service providers recognize that in order to persuade us to put our trust in mobile transactions, we'll need to trust that they are secure. Authentication is the key, but there are so many potential methods of verifying our identity that it's not easy to put your finger on the right solution just yet.

More Stories By Harlan Hutson

Harlan Hutson is president of Acuity Systems, developers of TraitWareID, a mobile authentication app that links the identity of users with certain personality traits of their devices, then ties the device and user with an Identity Binding Token. The IBT can act as a virtual token, or proxy for the authenticated end user in any transaction. For more information please visit http://www.traitwareid.com.


Most Recent Comments
CertiVox 06/26/13 06:13:00 AM EDT

Usernames and Passwords are history! CertiVox.com has just launched an open source solution, available to everyone called M-Pin, this technology allows your website or app to have ATM-like cryptology which will reduce authentication costs by up to 93% and banish username and passwords forever. It enables users to authenticate using a simple, ATM machine UI pin pad, rather than a username and password. Infinitely easier – but also infinitely more secure – than username and password.

M-Pin is two-factor authentication but without the cost of hardware tokens, user training and complex deployments. Owners of web, cloud and mobile applications can now get rid of their username / password vulnerabilities, bad user authentication experiences and the expense of password management systems. With the knowledge that the M-Pin System essentially makes any HTML5 browser into a strong authentication client that authenticates to the open-source M-Pin Server, which only stores one leak-proof cryptographic key, thus replacing the username/password database. If the key is compromised somehow, it reveals no details about end-users on the system.

Surely this kind of technology is where we can finally embrace proven strong authentication and eradicate the password fatigue. Anyone can download the open source M-Pin server at http://www.certivox.com
