Passwords are so ingrained in our digital lives that they are practically taken for granted as a necessity for our online protection. But one day, physical security tokens might take the place of this ubiquitous safeguard.
Users repeatedly discover that passwords are all too exploitable, even by the newest of script kiddies. Whenever we respond to major breaches, new guidance develops around password selection; we attempt to refine the model to make it work properly.
Lately, however, the password has come under scrutiny as a gold standard for online protection. Online service providers, while still using passwords, have started fortifying the login process with multi-factor authentication.
In the most common implementation, users are supplied an additional code, sent to their device for one-time use, after they have input the correct password. But a new authentication method is gaining some traction in the tech community after promising early results.
The Rise of Security Tokens?
Physical security tokens, such as Google’s Titan or Yubico’s YubiKey, have made waves with some tech and security analysts by both simplifying and strengthening security, at least In terms of vulnerability to third parties gaining access to credentials. With physical security tokens, all a user must do is connect the security device via USB (or in some cases, wirelessly) and take some small action such as tapping a key on YubiKey.
The physical token method has reported some success. Google reported that implementing Its Titan key across the company has resulted in a complete shutout of phishing attacks on employees. Microsoft has been taking a significant interest, too, working with Yubico to add support for Windows 10 and Azure authentication.
Evangelists believe physical security tokens are strong enough to function as a first-factor authentication, but most agree that they will remain part of a two-factor model for the foreseeable future. Some warn of kinks in a seemingly flawless veneer. This has to do with the authentication method’s means of connecting by USB, which can in itself be exploited or compromised. Google itself recently faced pressure due to the fact that its Titan keys had been manufactured in China.
Physical authentication devices also have inherent challenges. Users could find themselves locked out of their account while waiting for a replacement to arrive, for instance; that and other similar problems could sacrifice productivity for that potentially enhanced security.
For now, it appears authentication isn’t on the verge of serious disruption, and passwords still are in the picture. New methods are in the works that ultimately may change logins as we know them; just don’t wait for a sea change to make sure you are doing what you can to protect your privacy.
If you are looking for a partner who can help you get up to speed, contact Lunarline today.