As A Society, We Don’t “Do” Passwords Well
Rob Coombs from ARM tells us some top tips to improve our use of passwords
We are forever forgetting whether we should be using the six-digit, no repeating numbers password or the eight-digit upper and lower-case one that may have something to do with our favorite pet. If we’re even remotely conscientious about our passwords, we have a number of them which makes remembering each difficult.
This password fatigue is a big problem these days. Even when a major hack attack occurs and passwords jump to the fore of our consciousness, few people actually set about to change all their passwords.
On smart phones, the situation can be even worse.
With so much password fatigue from our computers and web browsing activity we tend to make our mobile passwords relatively easy (who wants to punch in all those numbers anyway on that little virtual keyboard??).
This of course makes us incredibly vulnerable.
Authentication and security should be an integrated background activity, allowing users to do more and carry on with their day to day activity uninterrupted. It should enable a frictionless world for logging into accounts, making payments, accessing documents and potentially starting a car – with just a swipe or scan…
The solution should be easy, brainless and simple to implement; an impossible task?
Fortunately, it might not be, thanks to an industry collaboration driven by the two-year-old FIDO (Fast Identity Online) Alliance. FIDO has developed new protocols that enable simple, strong authentication between the user, device and the service provider (or relying party). On mobile devices, for example, FIDO can be used with biometric authenticators to enable services with the swipe of a fingerprint or the scan of an iris.
In other words, register once with a favorite online shopping site or bank and then only a simple method of authentication specific to the user need be used (fingerprint, PIN etc…) to unlock access.
Recently, NTT DOCOMO became the first company to roll out FIDO authentication throughout its network, allowing it to replace passwords for millions of customers across its services with a range of enhanced authentication methods. By eliminating passwords NTT DOCOMO has simultaneously provided a superior user experience and enhanced security
The industry collaboration makes FIDO even stronger. Hardware-based security developed by vendors helps protect FIDO from malicious attack. Assets such as cryptographic keys, sensitive processes and the capture of authenticator data are protected from malicious attack, and the integrity of the system is maintained.
This is done by effectively walling off these areas in hardware. For example, TrustZone technology from ARM provides the hardware isolation necessary for a trusted execution environment.
FIDO-based authentication is already deployed at scale and looks set to become an industry success story by helping consumers move beyond passwords. And while the technology behind this has taken time, effort and collaboration to develop, it demonstrates that when security is well architected it can deliver delightful user experiences and keep the black hats at bay—and make password fatigue a thing of the past.
Rob Coombs is security marketing director at ARM Holdings
Are you a security pro? Try our quiz!