Their vision revolves around using an authenticator device – their initial version is a tiny USB card key running, of course, a version of Google Chrome – but they say the technology can be used on most computing devices (unless, like iOS, you don’t have a USB port). Great idea, but security “dongles” have been around for a long time (initially used to prevent software theft) and users universally despise them, especially when lost.
This opens up a whole raft of issues about internet security. First, if this USB system became too ubiquitous, we would have muggers asking you to “hand over your wallet and your dongle” – in fact they may not even bother with the wallet, as few carry lots of cash any more.
Sure, passwords are inherently flawed – simply because users tend to adopt word/letter/symbol combinations they can remember (dog, birthday etc.) and then tend to use them for everything online. Bad policy – variety gives identity thieves a challenge!
A typical password can be cracked not only by lucky guesses but also by brute force, stolen with a key logger (spyware), or reset completely by convincing a customer support department that the caller is really you (knowing your mother’s maiden name or date of birth is all too easy).
See Wikipedia if you want to know more. One scary statistic – an 8-character (mix of alpha, numeric, symbols and case, i.e. 32 bit strength) password takes 16 minutes to brute-force crack – even less at the movies…
Biometrics (fingerprint, iris/retina, facial recognition) showed promise until Hollywood directors decided that it was cool for the bad guys to cut off a finger or gouge out an eye. Behavioural biometrics (typing rhythm or voice timbre) also show promise, giving Hollywood directors and Mythbusters the next challenge to crack.
For a password system to work it needs to be a universal standard (and Google et al. need to collaborate and show leadership), easy to use (no inserting a dongle anywhere), difficult to forge or steal under duress, and easily upgraded when the crooks work out how to circumvent it.
I think the answer lies in some form of personal near field communication – perhaps a chip embedded in your body with some tamper-proof failsafe in case of abduction or death – but that’s getting a little morbid and public rights advocates would decry a universal identifier as an extreme breach of human rights.
For now, strong, robust, totally random passwords from password generator/manager software are the order of the day. Make sure all online accounts have different passwords, especially those that let you log into one account and access others. Don’t use your email name as a login name if you can avoid it.
Password manager (software)
Without recommending any of the following software-based password managers, here are a few you may want to consider.
Norton Identity Safe (free for Mac and PC). It has apps for iOS and Android (not Windows 8 RT/Phone yet). Norton has a trusted name in security.
RoboForm has been around for a long time and covers most platforms. This is paid software but covers a very wide range of platforms.
KeePass 2.x is open source freeware that is portable and can be run from a USB stick or installed. It supports Windows, Mac, iOS, Android, Blackberry and Windows Phone. Open source should be encouraged and it seems to get high user poll ratings, so try it.