18 June 2015

Why Password Vaults and Emojis Are Not the Future of Authentication

The news this week that LastPass has suffered a security breach is a reminder of why I am not a fan of the password vaults currently on the market.

Password vaults serve one purpose only and that is to make it easier for people to store their login credentials centrally. They are not about making those credentials more secure. Yes, you will see marketing materials talking about encryption and the like, but at the end of the day all you are doing is consolidating your passwords and ‘securing’ them with just one master code.

People buy in to password vaults for convenience; in fact, LastPass has the tagline ‘The last password you’ll ever need’. It is essentially the same as storing all your credit, debit and store cards, along with your driving licence and cash, in a wallet. It seems like a great idea until it gets stolen.

For me, the root cause of the problem isn’t the password vault itself, but the password. Most of us tend to see the login screen as an obstacle that stands in the way of us doing what it is that we want to do. Anything that makes it quicker and easier to get through the process is welcomed with open arms. To illustrate my point, how many of you click ‘remember this password’ when given the opportunity? I know I have.

If we are being honest, most of us are willing to make some form of trade-off between security and convenience, but we should not be expected to do so. Passwords continue to haunt our lives because organisations decide to enforce their use, and in most instances they do so because they don’t know what else to do. As security professionals it is our role to give these organisations a choice, show them that there is a better way and, crucially, put forward a compelling business case that will drive lasting change.

At the same time as LastPass has been hitting the headlines this week, so too has Tripwire for its attempt to solve the problem using Emojis. As a marketing gimmick it has certainly succeeded in grabbing attention, and they seem to be heading in the right direction by trying to make login credentials easier to remember and leveraging the capabilities of mobile devices. But could such a solution viably replace every website, mobile app or corporate network that currently uses a password? Emojis might appeal to millennials logging on to a social forum, but would a silver surfer feel comfortable using them for their online banking? It may well be more secure than a password but I can’t imagine entering: smiley face, sad face, birthday cake and love heart to authorise a transaction from my corporate bank account!

Meanwhile, at the other end of the scale, biometrics are promising to change the world, but unless you are a large bank with money to burn they are pretty much out of reach, and even then you have the issue of standardising on a biometric.

This is the big challenge we as an industry face if we are going to replace something as ubiquitous as a password. We need to find something that has the potential to be just as ubiquitous in the future, otherwise we will be stuck in the same old rut. 

We think we might have just the thing! www.pingrid.com 

Author: Fred Astfedlt, Winfrasoft

