Beijing time, August 11th news, according to foreign media reports, now smartphones have become very popular, and many people use them both in work and life. For this reason, they are very likely to replace the passwords used in various platform identity authentications.
Most experts believe that we need a more secure method than passwords to protect website security. People tend to love using passwords that are easy for others to guess, which greatly reduces the effectiveness of passwords. Moreover, advanced decryption techniques can even allow encrypted passwords to be easily cracked by hackers.
Since almost everyone has a smartphone, it is considered an ideal place to store credentials. As long as some sensors are added to the smartphone that can be used to identify users, then using this device for security authentication will be much safer.
"I think this idea is great," said Trent Henry, an analyst at market research company Gartner, when talking about the method of using smartphones for identity authentication. "We believe this will be the popular authentication model of the future."
The emergence of alternatives
Many security solution providers who share the same view as Henry are working hard to push the industry in this direction. These suppliers include Authy, Clef, and Duo Security, among others.
Even large security companies are preparing to enter this market. Last month, RSA, the information security division of EMC Corporation, acquired PassBan. PassBan's technology allows smartphones to be used for voice and facial recognition in multi-factor authentication modes.
Today, most security service providers have already used mobile phones for two-factor authentication. If a website supports these providers' services, then when a user logs into the site, it will send a unique personal identification number (PIN) to the user's phone, and the user enters this PIN to complete the login process.
Unfortunately, most users are unwilling to take these extra steps. Therefore, they are constantly seeking more convenient and seamless methods.
Last week, Authy took a step in this direction, launching an application that connects iPhones or Android phones to Mac computers via Bluetooth. From that point on, when users access websites like Facebook, Dropbox, Google Gmail, or other sites supporting this application, the authentication information stored in their phones can be used to automatically log into the site.
Daniel Palacio, founder and CEO of Authy, believes that this application is just the beginning. When the right time comes, this authentication method will be used on Google Glass, smartwatches, or other wearable computers.
The work of Authy and its competitors shows that the industry is seeking a perfect solution, which currently does not exist.
Biometric technology may rise
"The various security experiments emerging in the market indicate that we have not yet found the ideal solution. We may never find a solution that suits all scenarios," said Eve Maler, an analyst at market research company Forrester Research. "Unless one day such a solution appears, passwords cannot be completely replaced."
In order for smartphones to replace passwords, they must accurately know that the person logging into the site is the user themselves, not a fraudster who picked up or stole the phone. Biometric technology is a viable solution, provided reliable, high-security fingerprint scanners and voice and facial recognition technologies can develop.
Another possible solution is phone sensors that can recognize the way a user walks. This technology, known as gait recognition, is currently under study at Georgia Tech and MIT.
Once biometric technology can reliably identify smartphone users, "we can get a very, very secure authentication system, avoiding a lot of trouble," Palacio said. "People just need to buy it, and it will work."
Although such a system may be much safer than the current password systems, this does not mean that hackers will give up. "Attackers will target these new technologies, so we must be very cautious about these security systems," Henry said. "In other words, you still need to anticipate what kind of attacks might occur."