Last year, Google began experimenting with hardware-based schemes for user-authentication, while Apple added two factor authentication to iCloud and Apple ID users. They began sending a verification code to users via a mobile number registered in advance.
Security pundits know that two factor authentication is more secure than simple passwords. As a refresher, “Factors” are typically described like this:
- Something that you know (a password — or even better, a formula)
- Something that you have (Secure ID token or code sent to cell phone)
- Something that you are (a biometric: fingerprint, voice, face, etc.)
The Google project may be just another method of factor #2. In fact, because it is small (easily misplaced or stolen), it simplifies but does not improve on security. I suggest a radical and reliable method of authentication. It’s not new and it’s not my idea…
Continue reading “Passfaces: Strong authentication for the masses” »