Mobile phone authentication - the light dawns

I was down at the Infosecurity Europe event yesterday where I met up with GrIDsure, a company that has developed a whizzy pictorial alternative to PIN-based authentication technology.

One of their partners is a company called Masabi, which develops mobile phone applications.

Chatting with Ben Whitaker, the firm's founder, was interesting, as he has developed a software applet that uses GrIDsure's technology to authenticate users when accessing Web sites.

The idea is a good one, as mobile phones are so ubiquitous, but he explained that, even if a punter loses their mobile phone, the thief cannot use the handset to log into a Web site and forge their GrIDsure ID, as the ID is picture- rather than PIN-based.

This started me thinking about authentication and mobiles. They really are in such common usage that it's surprising that none of the banks have started using them as an authentication device.

HSBC, for example, after testing the SecurID token system for its business customers this last 12 months or so, has announced it is implementing the Verisign EV SSL system to enhance security for its consumer customers.

The EV SSL system turns the address bar green on the Verisign system, which is a good indication to punters that the site is a legit one. But how long before the hackers subvert the system and work out how to turn an address bar green using extensible code?

Nah, mobiles are definitely the way to go for the future of authentication...