Death of the password?

New web stan­dard trades pass­codes for bio­met­rics

Cape Breton Post - - BUSINESS - BY MICHAEL OLIVEIRA

The death of the password could be upon us.

A new se­cu­rity stan­dard re­cently en­dorsed by the World Wide Web Con­sor­tium has ex­perts ex­cited about the prospect of mak­ing lo­gins “un­phish­able” and end­ing the vul­ner­a­bil­i­ties that cur­rently ex­ist be­cause so many users have poor “password hy­giene” and re­use the same one across count­less web­sites.

The Web Au­then­ti­ca­tion (We­bAuthn) stan­dard de­vel­oped col­lab­o­ra­tively by mem­bers of the FIDO Al­liance - which in­cludes the likes of Ama­zon, Facebook, Google, In­tel, Len­ovo, Mi­crosoft, Pay­Pal, Sam­sung and Visa - al­lows web surfers to use bio­met­rics such as fin­ger­prints or fa­cial scans in­stead of in­putting a password.

Plug­ging a com­pat­i­ble USB de­vice into a com­puter can also be used to by­pass password screens on par­tic­i­pat­ing web­sites.

“I don’t think the password will be killed to­mor­row, or even within the next three to six months, or even year,” says Joni Bren­nan, pres­i­dent of the non-profit Digital ID and Au­then­ti­ca­tion Coun­cil of Canada.

“But there’s a shift and a jour­ney that needs to hap­pen and to fi­nally move past hav­ing so many pass­words and ide­ally not hav­ing pass­words at some point - this I think is a re­ally key step.”

Mozilla’s Fire­fox browser has al­ready im­ple­mented the tech­nol­ogy while Google and Mi­crosoft have also com­mit­ted to up­dat­ing their browsers.

Users who adopt the new stan­dard will ba­si­cally be up­grad­ing to a level of se­cu­rity used for pro­tect­ing state se­crets, says Van­cou­ver na­tive John Bradley, stan­dards ar­chi­tect for the se­cu­rity hard­ware com­pany Yu­bico, a board mem­ber of the FIDO Al­liance.

“Es­sen­tially you’re mov­ing peo­ple from be­ing able to do re­mote at­tacks to phish you to ac­tu­ally hav­ing to break into your house and steal your phone ... and ex­tract your pin from you at gun­point. It sig­nif­i­cantly raises the bar,” says Bradley, who pre­dicts some pop­u­lar web­sites may start of­fer­ing the new type of lo­gin within a cou­ple of months.

He says se­cu­rity ex­perts call the lo­gin method “un­phish­able” be­cause there’s no in­di­ca­tion yet that hack­ers could com­pro­mise it.

CP PHOTO

Hands type on a com­puter key­board in Los Angeles in 2013. The death of the password could be upon us. A new se­cu­rity stan­dard re­cently en­dorsed by the World Wide Web Con­sor­tium has ex­perts ex­cited about the prospect of mak­ing lo­gins “un­phish­able” and...

Newspapers in English

Newspapers from Canada

© PressReader. All rights reserved.