Since the dawn of the digital age, we’ve signed up to the password, trusting in its ability to keep our digital lives safe from thieves and those who would mean us harm.
Moore’s law tells us that every two years computing power doubles – meaning every two years the amount of time it takes to crack a password using a brute force attack halves. It’s now reached the point where a password can be cracked in minutes, sometimes in as little as just six seconds. Six seconds to potentially lose your entire digital life.
In an attempt to protect ourselves, many of us have turned to increasingly long and complex passwords made up of numbers, symbols and differing cases. There are two things wrong with this. First, all it does is slow the hacker down, not stop them.
Secondly, with no hope of ever remembering these complicated passwords, we’ve resorted to writing them down, with many of us admitting to the unsafe practice of password vaulting, storing them all in one insecure place!
The antidote to password hacking is two-factor authentication (2FA), which incorporates something you know, such as a password or PIN, something you are, such as a fingerprint or retinal scan, and something you own, which can either be a physical token or a soft token on a device you use every day, such as a mobile phone. The idea behind 2FA is to bring two of these separate methods together to introduce a much stronger level of security, should one of the methods become compromised.
In the past, increasing the security of user authentication has always meant additional time and complication to the end user logging in. Many organisations have therefore refrained from making it compulsory as they felt the end user experience was more important than the need for better security. Lacking simplicity, these solutions have not been able to replace the password and because of this our information continues to be at risk.
The media is awash with headlines of yet another celebrity that’s had their social media profiles or iCloud breached, with hackers stealing images and sensitive correspondence, as well as sending out embarrassing messages from their Twitter feed or Instagram. Social media platforms and the Apple iCloud all offer two-factor authentication but many clearly choose not to initiate it, despite having a lot to lose.
There is a solution however – Near Field Communication (NFC). The technology enables smartphones and other devices to establish radio communication with each other to wirelessly transfer data by bringing them into proximity. NFC differs from other wireless data transfer technologies such as Bluetooth as it doesn’t require devices to be paired before use.
Mobile applications can utilise NFC to securely transfer all the information required to enable a browser to start up, connect to the required URL, and then automatically enter the user id, password and second factor passcode in one seamless logon.
This technology can be used for any back end solution that needs to verify a user, whether it be at initial logon or at the point of verifying a transaction. Effectively, any time an application needs to positively prove the end user is who they say they are, this technology can be invoked.
This effectively removes the need for a password and creates a solution which is quicker, easier and more secure – all the ingredients needed to signal the death of the password. Windows 10, which is set to launch this summer, incorporates NFC technology into the operating system which means a Windows smart phone can be used to interact with Windows 10 tablets, laptops and PCs.
This technology isn’t just limited to mobile phones either. Wearable technology, highly personal in nature, can also be utilised, enabling you to authenticate using your smart watch by simply tapping your wrist against the corresponding device.
NFC is already supported on most leading Android and Windows smart phones. Whilst Apple is yet to open up the NFC chips in the Apple Watch and iPhone for third-party application use, it is expected to do this in the near future, which will make NFC authentication possible for Apple devices as well.
From an end user perspective, they simply choose the account they want to activate, enter a four-digit PIN or fingerprint, and tap their phone or smart watch against the corresponding device. A PIN, a tap, and you’re in. It’s that simple.
Steve Watts is co-founder of SecurEnvoy.