Death to the PasswordTerry Roberts
Are we finally fed up with getting robbed blind online - fraudulent tax fillings, healthcare insurance applications, online credit card transactions and VPN access? It is time to skip echelon to broad implementation of next generation biometrically and encryption based authentication technologies and security approaches, enabling society to securely conduct the gamut of basic trusted transactions via all netted devices. What are we waiting for?
This was the focus of a Panel of Government CIO's that I moderated last month at the SINET Showcase at the National Press Club. Ironically each of the Panelists confirmed what I already suspected that in government while they have effectively transitioned to two factor authentication - passwords are definitely alive and well and make all unclassified networks more vulnerable than if next generation capabilities were leveraged.
Implementation of next generation two way online authentication is not being adopted rapidly because it requires a change in business, government and individual mind-sets in the power of leveraging our unique biometric data as our identity, encrypt it, and incorporate it into opt-in next generation security technologies that are available today. Let's host a "wake" for username and password simplistic authentication which has not been affective for years and is a huge frustration to all who are forced to use them on a daily basis. It all starts with end-to-end unbreakable trust with authenticated users. Where the Entity is the Entity and the person is the person they say they are and the bad guys cannot enter that chain of trust.
This discussion of course includes an all important conversation on personal privacy, protection and how new age thinking and approaches can stop the majority of cyber criminals from entering into these trusted transactions and stealing or committing fraud. While we will never keep all hacker out of our networks. We can protect what is most critical to our business and mission functions. We can conduct trusted transactions online with impunity and assurance - financial, legal, contractural, retail, proprietary, and security. We can be sure we are in fact connecting to a known and trusted entity or party and that they in turn are connected to the trusted party of choice - client, customer, protege.
But this level of online assurance can only be achieved if we transition via customer/client opt-in programs for online identity authentication, secure enterprise access and managing a secure chain of trust for every cyber transaction. It is a technological realm that employs biometrics and cryptology, removing the human frailty of passwords from the security equation. But there are discussions we need to have:
How do we leverage and yet protect our personal biometrics - like fingerprints?
Can we secure our enterprise access managed by a secure chain of trust for every cyber transaction?
Can we wipe out over 50% of today's online crime and fraud through some of these next generation technologies and approaches when they are implemented broadly?
What are the pilots we need to explore?
Two such companies who are interested in conducting next generation online authentication pilots are SolPass & ISC. Feel free to reach out to their leads:
If you are a company with a solution in this space - let us know about it!
Contact us at firstname.lastname@example.org.