Personal Digital Identity...

In a world where online banking, social media, e-commerce and other online services are a constant part of daily life, a verified digital identity is an important validation of one’s official existence. In 2016, an estimated 1.5 billion people globally could not access routine banking services because of the inability to prove their identity with a valid birth certificate, passport, proof of residency or other commonly accepted means. Use of a digital identity is a way of authenticating the “real you” when utilizing digital connections like the internet. Access via biometrics With technology’s sprint into the future, various new ID schemes have been launched or initiated all over the world. Some include biometrics, mainly in the form of fingerprints. The newest form of biometric identification is face recognition. One such example is PopID, which offers a cloud-based platform that enables consumers to authenticate their identity by using facial recognition. PopID’s latest launch is a platform that can unlock workplace doors and enables employees to enter the building using only their face. The system can also provide building and facility managers with alerts about tailgaters following authorized users into a secure location without installing any additional equipment. Unlocking doors has moved from old-fashioned keys to magnetic key cards or mobile devices, and now face recognition looms as the next normal. Tech savvy building managers can replace key card readers with facial readers. If employees don’t want to use biometrics to authenticate, this program also accepts key cards and mobile devices to unlock the doors. Additionally, building managers can designate authorized employees and hours in which you can enter the property. Secure digital identification Digital driver’s licenses are a secure version of your official government ID in your smartphone. There is a new project known as...

Passwords Passé?

The password and its powers to secure our data is a topic that’s constantly on the minds of technology companies, and equally discussed by users. The central problem with the current form of data protection is what it needs to be most effective: passwords should be long, complicated, and changed regularly, thus increasing the possibility that they are forgotten by the account holder. Considering that that typical person nowadays requires 11 unique passwords, the system is unsustainable. The security landscape is subject to change even more since employees started bringing their own smartphones and other devices to work. Proliferation of individual devices is seen by many as a serious security threat, but there are also those who see this as a chance to improve security by using biometric authentication. Some researchers are inclined to think that mobile computing will be the driver and enabler of it. Biometric authentication is not new technology; it actually started in 2004 when IBM introduced the first fingerprint reader in its ThinkPad T42. Clain Anderson said then that the customer response to the fingerprint reader made biometric security a must-have feature; they invested in development of built-in iris scanners on portable computers. The trend continued, and now many of the laptops come with built-in fingerprint readers. Living in an era dominated by smartphones, the same tactic is slowly being adopted. The latest iPhone model, the 5S, has as one of its main attractions (and distractions at the same time), the Touch ID function, the sensor that scans the holder’s fingerprint, but only unlocks the device if the finger is that of the owner’s. Responding to privacy concerns over who will have access to this data, Apple stated that the fingerprint record won’t be saved on their servers, but on...

Password Fast Forward

These days, traditional passwords are suspect in their ability to handle the safety of our valuable online data. This isn’t a new problem.  Nearly a decade ago, in 2004, Bill Gates was predicting the demise of the alpha-numeric password, calling it a weak spot in security and identity authentication. He was one of the first to propose moving security onto smartcards and biometrics. With few exceptions, most programs, websites and protected databases are still using the standard-issue username/password combination for access. But with recent high-profile hackings like that of Wired tech writer Mat Honen last summer, the issue of changing password technology is a hot one again. So what are the current options? Behavior based gestures The government’s Defense Advanced Research Projects Agency (DARPA) is on the lookout for other forms of authentication based on behaviors, like the way people type or make other hand gestures. Security researchers are investigating the way people are using their machines so that their identity can be verified at all times: “for example, how the user handles the mouse and how the user crafts written language in an e-mail or document” they say on their website. DARPA’s program manager Richard Guidorizzi explains what makes this method different from the current password format: “My house key will get you into my house, but the dog in my living room knows you’re not me. No amount of holding up my key and saying you’re me is going to convince my dog you’re who you say you are. My dog knows you don’t look like me, smell like me or act like me. What we want out of this program is to find those things that are unique to you, and not some single aspect of computer security that an adversary can use to compromise your system.” Multi-step verification This is an option Google made available a while ago, and if you haven’t activated it, now would be a good time to do it. Google offers a two-step verification – it asks for the classical password, and also sends a text message with a code to your personal cellphone. According to Honen, who has taken on the issue of online security fallacy with a vengeance since his hack, this is just the beginning. The future of passwords means a combination of different identifiers that extend far beyond the password. The more pieces required for verification, the stronger the security of a system gets. Smartcards Google researchers are experimenting with a tiny Yubico cryptographic card that works somewhat like a car key: you slid it into a USB reader and it automatically logs a web surfer into Google opening your web mail and online accounts. They have modified Google’s web browser to work with these cards, but the best part is that there is no software download and once the browser support is there, it’s quite easy to use. Biometrics Facial Recognition. This option already exists under the form of a photo-based system that needs a picture of your face as login for the computer. Basically, if your computer is stolen and someone attempts to hack it, the software takes a photo of the person who tried and failed. For websites, Silicon Republic reports that teenagers Niall Paterson and Sam Gaulfield have created Viv.ie, a facial recognition system, available through an open API that website owners can deploy to allow their users to log in without a password. The technology is quite simple, it takes a photo of your face and then analyses it against the database of registered users. There are two problems though: whoever wants to hack your computer could show a photo of your face thus opening all channels to the uninvited guest, and it hasn’t yet been finalized due to high costs and little experience in the business world for the two 17 year-olds. It is definitely a start. Voice recognition. This one...