A recent article in the Silicon Valley Business Journal reinforces the fact that the era of the password is over. We all know passwords alone are insecure, and when used as the only means to secure access can be easily compromised leading to costly breaches. Google is the latest to offer a stronger form of authentication by planning to get users to verify their identities with a “Login Challenge,” in a bid to prevent unauthorized access across all of its Web services. For example, Google will send users a text message with a verification code, which they will have to use in order to gain access to their accounts. Users will receive the challenge should the login pattern be different from users' previous attempts. The search giant noted that the move to implement two-factor authentication will reduce the number of suspicious logins. This is a combination of what Symantec calls Intelligent Authentication and traditional one-time passwords – standard features of Symantec VIP.
Two-factor authentication provides the second layer of authentication needed to help secure online applications and as the writer of the article says it is “not yet offered by all websites (and I ask, Why not?).” According to the 2013 Verizon Data Breach Report, 80% of data breaches could have been eliminated with the use of two-factor authentication (infographic). However, as was discussed at the recent Symantec Vision conference, for mobile devices it not just about strong authentication but also convenience. Most users access data from 3 or more devices – several of those are mobile; and typing in a verification code, as with a password, is particularly inconvenient on a mobile device. It is also easier to lose your mobile device or have it stolen.
The article poses the question if not passwords, then what. I would say we don’t want just another alternative, but rather one that is smart, simple, and secure; particularly for mobile devices. For Symantec the release of VIP Mobile Push is the first step, with the final step on the horizon in the form of biometrics; where your first factor is something you have (your smartphone) and second factor is something you are (your fingerprint). This not only has the effect of killing the password, but also mitigating the risk of others gaining access to the device.
Watch This to see how VIP Mobile Access is firmly on a path to a smart, simple, and secure passwordless future!
Follow us on Twitter
@SymantecVIP
@SymantecMPKI