I just hit upon the article by Randall Stross "Doing the Two-Step, Beyond the A.T.M." among the New York Times news. The article first compares using a PIN code to using a password, just like I did some time ago. It then goes into suggesting the generalization of two-factor authentication with the help of a smartphone. Clearly, there's a need and a market here.
Whatever the solutions that will come up in the next years, they'll have to face the following challenges:
- Be user-friendly enough.
- Be applicable both for individual use and for corporate use (at least, integrate in BYOD processes).
- Allow for safe backup methods in case you lose one of the two factors, for instance, a stolen smartphone.
- Allow for Single Sign-On : avoid user-side repetitions.
- Allow for federation : avoid server-side repetitions, like maintaining similar lists of users in multiple applications.
- Allow for automated patches/updates. There will be flaws in the beginning, that will require patching.
We all need to be more proactive about our personal account security. But one thing that can’t be stressed enough is taking advantage of the 2FA (2-Factor Authentication). Although it’s been around for a while, not enough sites are offering and promoting this option. I feel suspicious when I am not asked to telesign into my account by way of 2FA, it just feels as if they are not offering my info enough protection. I know some will claim this make things more complicated, but the slight inconvenience each time you log in is worth the confidence of knowing your info is secure. This should be a prerequisite to any system that wants to promote itself as being secure.
ReplyDeleteThanks for the personal comment.
ReplyDeleteChristopher,
ReplyDeleteThat is a good posting. We have developed exactly what the NYT article says and your commentary as to how it should work. The significant barrier of 2FA entry for consumers (corporate has tokens and OTP but expensive..) is cost, trust, and user experience. With the LoginTC (logintc.com), we have achieved all the pre-requisites of security (pre-empt phishing and MITM attacks, convenience (like ATM cards) and use of smartphones and tablets. Great to see your posting. Hernan M
Thanks for the comment.
ReplyDelete