Are We Finally Seeing Better Online Security?

The recent barrage of security breaches and breakdowns—ranging from Target to Heartbleed—has clearly taken a toll on businesses and consumers. There’s growing recognition that the current password-based authentication system is profoundly broken.

Over the last couple of weeks, I’ve viewed discussions on Facebook and Twitter that clearly demonstrate growing outrage and despair about the current state of affairs.

Perhaps we’re reaching the tipping point. Although two-factor authentication (2FA) has existed for some time, we’re starting to see more online businesses make it available and more consumers willing—if not eager—to use it.

We’re also seeing much better authentication tools. For example, Google’s Authenticator app provides an easy way to view a rolling code and plug it into an app. It works flawlessly and easily with Gmail, Evernote and other software.

Meanwhile, Symantec’s VIP Access provides a Credential ID with a rolling security code. Some banking sites, such as USAA, now allow customers to set a password along with a PIN that can be combined with the VIP Access code to create a more secure token. Even sites that send text codes to a phone (including Dropbox, Facebook and Twitter) provide a far better alternative to passwords alone.

That’s the good news.

The bad news is that 2FA simply adds steps and complexity to a fundamentally flawed approach. This means that many consumers will never use it. What’s more, many top retailers— including Amazon, Walmart and Zappos—are glaringly absent in offering 2FA. So too are numerous banks, including American Express, Citibank and Wells Fargo.

Not surprisingly, mobile phones may represent at least part of the solution because they contain locks and sensors. MasterCard is now developing a system that recognizes where you’re at and where a transaction is taking place. If the transaction hasn’t been previously authorized, it’s declined.

But why not build authentication into devices? Why not use eye scans, voice recognition and fingerprint scanners?

FIDO authentication, which is backed by Microsoft, Google, Blackberry and PayPal, is a good start. However, for any platform or system to go mainstream, Apple must also show up at the party. Otherwise, we’re stuck with a fractured approach, continued security risks, and an ongoing drain on everyone’s time, money and resources.

Let’s get authentic: Passwords are no longer a winning proposition for businesses or consumers. It’s time to adopt a 21st century solution to a 21st century problem.

 

Picture of Samuel Greengard

Samuel Greengard

TRENDING AROUND THE WEB

If you recognize these 8 signs, you have a higher level of intellect than 95% of people

If you recognize these 8 signs, you have a higher level of intellect than 95% of people

The Blog Herald

8 things you’re doing that show you have high standards (without realizing it)

8 things you’re doing that show you have high standards (without realizing it)

Global English Editing

People who dream of being rich but don’t really want to work for it usually display these 7 specific behaviors

People who dream of being rich but don’t really want to work for it usually display these 7 specific behaviors

Personal Branding Blog

People who are highly intelligent but frequently misunderstood typically exhibit these 8 traits (without realizing it)

People who are highly intelligent but frequently misunderstood typically exhibit these 8 traits (without realizing it)

Small Business Bonfire

Reconnecting with Halloween’s ancient rituals: Modern practices to honor the past and find meaning today

Reconnecting with Halloween’s ancient rituals: Modern practices to honor the past and find meaning today

The Vessel

The art of letting go: how acceptance and mindfulness can transform your life

The art of letting go: how acceptance and mindfulness can transform your life

Jeanette Brown