Two-factor authentication entered the mainstream as a foolproof way to protect those of us who still insist on using the same password for every single site, no matter how many times we’re warned that any entry-level hacker could figure out our childhood nickname and lucky number. However, while it does add an extra layer of security, texts are interceptable, as are all things digital, meaning that even two-factor authentication is hackable. This fallibility has led to an interesting cybersecurity development, one that top cybersecurity experts across industries have used for years, according to a NewtonX cybersecurity survey, and one that tech giants including Google are now rolling out to consumers. This super-secure new technology? Physical keys.
NewtonX conducted deep-dive interviews with 10 cybersecurity experts formerly with Google, Symantec, McAfee and Microsoft. The insights gleaned from these interviews, in addition to the data collected in the aforementioned cybersecurity survey, informed the data and insights in this article.
Anything Digital Is Vulnerable: Why There’s Safety in Physicality
Security tokens have been used by companies for years. In 1993, the SecurID hit the market, and was eventually acquired by RSA to be marketed to businesses that dealt with highly sensitive information. These keys or tokens can be either plugged into a USB port or pressed against a device to activate Near Field Communication. Because they must be physically present, they cannot be virtually intercepted by a hacker.
YubiKey and and its competitor the Google Titan were developed as affordable and convenient authentication devices for consumers and businesses that want to protect individual employees’ devices and virtual information. Google tested its key with all 85,000 employees and announced that since the implementation there had not been a successful phishing attack at Google.
Consumer habits, both in the workplace and outside of it, are incongruous with the sophistication of hackers. Three out of four people use duplicate passwords, and 21% of Internet users use passwords that are over 10 years old. This puts sensitive business information at risk, even when companies require employees to use two-factor authentication. In 2013, tech leaders recognized this vulnerability, and launched the Fast IDentity Online Alliance, a consortium founded by Paypal, Nok Nok Labs, and others, to support the development of authentication technologies including biometrics, facial recognition, security tokens, smart cards, and near field communication. Today, the consortium members include Google, Intel, Microsoft, Qualcomm, Visa, and numerous other tech and finance giants. FIDO2 is a standard certified by the Alliance, and the Google Titan and YubiKey can be used with any company that has this certification (including Facebook and most large technology companies).
The Death of Passwords? Tech Giants Say Yes
Password-free login and security has been initiated by almost every large tech company over the past eight years or so. Most smartphones encourage biometric access; many companies have adopted security tokens or near field communication over passwords for authentication; and even smaller startups have adopted two-factor authentication. Passwords on their own are no longer the shibboleth they once were.
Password-free login is live on all Windows 10 products including Skype, Xbox Live on PC, Bing, and Outlook. It’s available on almost every smartphone available, and is heavily encouraged on new iPhones. Tech giants mandate password-free login for all employees, and many also encourage users to leave passwords behind. The only thing keeping passwords alive is change-averse consumers.
As more and more tech giants experience data breaches, from Google+ to Uber to Yahoo!, they will increasingly push consumers to protect their own data against phishing and other forms of hacking. The only thing that remains to be seen is whether users will acquiesce to giving up the ease of a 10 year old password in favor of what appears to be an antiquated form of technology: a key.