Hate passwords, love security. We hate them because we forget them, tend to use one password across all services (giving stuck on stupid a completely new level of fail) and end up using the reset password rescue function more times than we would like to.
Can anything help? Is there anything we can do?
The correct answers are: Biometric security, 2-Step Verification and other mobile hardware based authentication solutions.
Mobile hardware based solutions to authentication solutions for interrogation by systems that require positive user identifications is a huge topic in the mobile space. Now that mobile devices are more commonplace across the spectrum of probable users and is affordable and available, handsets are being used as the passkey, allowing users to pass the responsibility of passwords to their most intimate of possessions: the cell phone.
In one capacity or another I make use of each of the 3 solutions we are going to cover in this piece. I utilize biometric security or ‘TouchID’ for lock screen authentication, AppStore purchases, ApplePay and in-app purchases. 2-Step is active in every one of my social media and web/data services providers login methods: Facebook, Twitter, Apple, Google etc. asymmetric video cryptography I have actually deployed on this very website for a test deployment. Lets cover that one first…since it is the coolest.
Asymetric Cryptography in a 2-Step Authentication solution.
Clef is my solution of choice when it comes to video cryptography authentication solutions on a mobile handset. It does not use tokens or even passwords…just a simple 4 digit pin. The downside is integration. It’s not native to any hardware platform, but it should be. This means that anyone you expect to authenticate with Clef needs to download an app, pre-register, confirm and verify before it can be used on your site.
The best thing is it doesn’t cost users any money, and pricing is reasonable for deployers. Why dont you head over to getclef.com now, get it installed and you can try it out here.
To do irrigation is the most widely used form of hardware-based authentication from developers and vendors web and the services that require the user before services can be used. If you own a mobile device, every account that you have a login for have should be configured to use two-step verification.
How it works, is you still have a password but not only do you have to answer the password interrogation correctly but once you have verified the correct password the system then sends you a six or eight digit verification code to your mobile device via text message or if you’re on iOS then it uses the end-to-end encrypted iMessage protocol with 4 digits. Once you have completed this 2nd step (hence the name 2 step verification) you are granted access.
For knuckleheads that use the exact same password across every platform for web and data services, this is a no brainer, and an epic fail if ignored. Obviously if using the same set of credentials across all your accounts once compromise from one account. With two-step verification an attacker needs the correct password, and physical possession of your mobile handset to gain system access.
iOS 9 mobile Safari Passwords.
One of the cool things that iOS 9 has in beta 2, is a mechanism that is very similar to keychain access in Mac OS. If you happen to forget your password you’re able to look in a couple of separate places for in the encrypted storage container that holds all of your saved passwords you told safari to remember. This makes it a lot more convenient to use the 16 digit suggested password that mobile Safari prompts you to use, because if you happen to clear your browser cache and are unable to use the cached password you will be able to look up your submitted credentials by the URL that the password is saved under, and then copy and paste.
So try to remember to make it a habit to NOT, I repeat NOT MANUALLY ENTER ANY PASSWORDS. Just allow Safari to suggest them for you, DON’T copy them into notes or take screenshots, but make sure you allow the browser to remember the password, it will prompt you automatically So the next time you are asked to register for or required to submit credentials for a service, you should feel comfortable with using the mobile Safari 16 digit strong password, because there will be a reference to it.