The rapid rise in the availability of ever smaller, inexpensive, and increasingly powerful networked devices has revolutionized how—and how quickly—we create, process, store, and share information. These developments have transformed our world to such an extent it’s hard to recall what life was like before. Despite their rapid growth, however, the security challenges that have been created as a result of their expansion—password hacking, phishing emails, Internet fraud, identity theft, etc.—may soon force us to retire some of the tools we have become acquainted with in favor of new, hopefully more secure, ones. Some high-tech firms are already at work to revolutionize, once again, the way we share, store, and process information—but this time, with a focus on security.
So, what technology changes may improve our security in cyberspace?
- Retire the password – Passwords, no matter how complex, are not secure enough for today’s internet. Online passwords can be guessed, lifted from a password dump, cracked by brute force, stolen with a keylogger, or reset completely by conning a company’s customer support department (read Mat Honan‘s story of how hackers destroyed his entire digital life in the span of an hour, by first cracking his password to one of his accounts and then accessing all the others linked to that one). The password may soon be replaced by a small, compact, secure and very personal cryptographic key that can be mounted on a ring, key chain, or pendant. When inserted into a USB reader, this tiny Yubico cryptographic card sends a One Time Password (OTP) as if it was typed in from a keyboard, giving you automatic access to your personal account, service, or application. The advantage is that you wouldn’t have to remember a complicated password, and instead just use a quick tap on your computer with the ring on your finger to authenticate your device and then use that almost like a car key, to fire up your web mail and online accounts. The YubiKeys are small, relatively cheap ($25-$40) and do not require a battery. They cannot be duplicated or recorded, providing a credential based on something only an authorized user possesses. They’re also incredibly sturdy, and can be fully immersed in water without damage! Of course, they can still be lost or stolen… Google has been experimenting with new ways to replace the password, including the Yubico card to automatically log a web surfer into Google. They’ve had to modify Google’s web browser to work with these cards, but there’s no software download and once the browser support is there, they’re easy to use. You log into the website, plug in the USB stick and then register with a single mouse click. If enough websites adopt this login technique, people won’t need strong passwords, except on the rare occasion they need to make a significant change to their accounts.
- Replace the need for passcodes, passwords and usernames on your iPhone, iPad, and iPod – These tools will be replaced by an intuitive, secure fingerprint sensing technology that can read the image of a fingerprint and also detect motion and patterns. According to KGI Securities analyst Ming-Chi Kuo, “the fingerprint sensor makes sense for an iPhone more so than for an Android or Windows Phone because the iPhone only uses one mechanical button, while other phones have sometimes three or more buttons.” Apple has already invested millions of dollars to start implementing this fingerprint sensing technology and has even acquired AuthenTec, a mobile security company. AuthenTec, which designs fingerprint sensors and other security products for mobile devices, could really help Apple bolster the security of its products, which have been major targets for criminals and malicious software attacks. At just 3mm high and 1.3mm thick, AuthenTec’s first Smart Sensor crams a 500 pixel per inch, 192×8 pixel detection matrix and all the fingerprint matching technology necessary to accurately and securely detect and encrypt data about your finger. Apple’s new iPhone would have this fingerprint sensor hidden beneath the home button. AuthenTec claims that its “anti-spoofing technology” would ensure that only real fingerprints are read, and that its technology would allow different fingers to be associated with different functions. For example, you could use different fingers to play music, or ask for directions, or call a particular contact. Patently Apple offers cool descriptions of other higher integrated security features via biometrics that could also be used to enhance iPhone activities like e-Commerce.
- Retire the credit card—Make payments with smartphone and tablets that use a Near Field Communication chip. Research in Motion (RIM) has recently obtained Visa’s approval for its Secure Element Manager (SEM) solution, which allows for mobile payments on any device equipped with near-field communication (NFC) technology. The BlackBerry maker affirms that it has leveraged on its reputation for security to build SEM with the same complete encryption and security management that made the BlackBerry brand famous in the first place. This includes encryption of mobile payment data, both on devices and over the air to banks, and the downloading of applets with a customer’s credentials, as well as management of PINs and other authentication data used to activate a mobile payment. This development could pave the way for wireless carriers to offer their device customers the ability to make mobile payments through banks that work with Visa and potentially other credit card companies. For tech managers at midsize businesses who are desperate for strong mobile security solutions, this development could have a major impact on the future of business mobility.
- Retire your wallet altogether—Another option to replace the need to carry cash and soon even credit cards is by using Square, the electronic payment service that currently allows users in the United States and Canada to accept credit cards through their mobile phones, either by swapping the card on the Square device or by manually entering the details on the phone. Starbucks has heavily invested in Square and started using it this fall, catapulting this start-up’s technology onto street corners nationwide and giving a clear sign that mobile payments could soon become mainstream. Pay With Square, Square’s cellphone app, will eliminate even the need to take the phone out of your pocket or sign a receipt. At first, Starbucks customers will need to show the merchant a bar code on their phones. But when Starbucks uses Square’s full GPS technology, the customer’s phone will automatically notify the store that the customer has entered, and the customer’s name and photo will pop up on the cashier’s screen. The customer will give the merchant his or her name, Starbucks will match the photo and the payment will be complete. So what? It’s just a “small” price we pay as we privilege convenience over privacy. If enough merchant start accepting payments this way, people won’t need wallets at all! As for security, Square affirms that they are able to stop fraud via live monitoring programs that can detect suspicious behavior while analyzing the entire transaction process.
- Substitute your postal address with a digital code – Someday you might mail Francesca Spidalieri her birthday gift at 48724.2874.0953 instead of her physical address. This may still be a decade or two away, but it could potentially make it safer for people to receive packages and do business on Craigslist, for example. David C. Williams, inspector general at the United States Postal Service, has been churning out a series of provocative ideas about what the mail might look like in the future. For instance, linking a physical address to a secure e-mail address, providing the kind of identity verification needed for voting, school enrollment or commerce. Or completely revamping the street-city-state-ZIP address that the Postal Service has used for decades and replacing it with an all-numeric address. Again, this technological change may still be a bit far-fetched, but we could have never imagined all the functions that our smartphone has today just 5 years ago!