Global Outlook

On-Line Accounts and Passwords

April 29, 2014, Tuesday, 17:03 GMT | 12:03 EST | 20:33 IST | 23:03 SGT
Contributed by eResearch


At some point or another, I have lost count of my many online identities. There is my personal email, company email, online banking, online brokerage, HSA, 401(k), live trading software, Facebook, LinkedIn, Netflix, HBO Go, Reddit, Twitter, company devices, personal devices, multiple Wi-Fi access points... you get the idea.

Each day, I type in a dozen different usernames and passwords to access a dozen different services. For accounts I do not use often, I will sometimes forget which password belongs where, and I am forced into guess-hacking my own account. At the same time, each account represents a constant and substantial threat to my personal identity. A successful hack would grant an intruder the ability to pose as me in public and private forums, reroute my finances or, even worse, pervert my cherished Netflix "recommended" list.

Of course I am kidding about the last part but, all jokes aside, the process is tedious, outdated, and in drastic need of improvement.

Some people choose to avoid the confusion by using one username and password for all of their online accounts. The danger, of course, is that if one account is successfully broken into, then so are all the others. It is much safer to have your online accounts completely disconnected from each other. Unfortunately, this is virtually impossible to do now that most online services require your email address to sign up.

Others choose to write all their passwords down and carry the information around with them. This may be a good method to minimize online attacks, but it puts you at high risk from offline password-theft methods, such as shoulder surfing.

There is also the option of storing your passwords in your web browser, which is probably the least secure. Web developer Elliot Kember found that anyone with physical access to your computer would have immediate access to any passwords stored in your browser this way.

Perhaps an even more important issue is the recent revelation surrounding the infamous Heartbleed bug, a flaw in open-source encryption software. For the last two years, Heartbleed has allowed hackers to access untold amounts of "protected" online information, such as Facebook and Gmail accounts. Even users' credit card information has been at risk over that period.

The harsh reality is that the passwords we use are not nearly as secure as we once thought, nor are they in any way convenient.

Fortunately enough, there is a hit squad of powerful tech companies ready to bury the password for good — and, of course, make some money in the process.


Technology's Greatest Alliance

In July 2012, a non-profit industry consortium known as the FIDO (Fast IDentity Online) Alliance was formed to address the issue of secure online authentication. In less than two years, the Alliance has attracted 18 different companies to its board. The list includes heavyweight tech players such as Microsoft, Google, and Samsung, as well as influential banking and credit institutions such as Bank of America, Discover, and MasterCard.

The ultimate goal of the FIDO Alliance is to allow for easy and secure online authentication through two primary means: physical authentication, and a standardized authentication protocol.

Physical authentication means biometric measures (fingerprints, iris scanning, voice recognition, etc.) and electronic security tokens similar to the key fobs we use for our cars. The obvious benefit of this is that your physical presence is required to access an account.

As for a standardized protocol, FIDO is simply establishing a set of common guidelines to ensure that authentication is secure, simple, and interoperable. This means one key for all of your online accounts — or at least those which meet FIDO standards.

At this point, the widespread adoption of FIDO is nearly certain. With Google on board, the Alliance immediately captures over one-third of the online community (37% of people now use Gmail). Add in the user base of Microsoft, Bank of America, and MasterCard, and you realize just how many online accounts will be affected by the FIDO protocol.

In addition to the online accounts we use, FIDO's adoption will also be driven by our choice in mobile devices. Samsung's recent release of its flagship Galaxy S5 phone marks the first FIDO-certified device to enter the market. Using fingerprint scanning — and through an exclusive partnership with PayPal — Samsung's S5 allows users to make online payments in a way that is both faster and more secure than consumers have ever seen before.

With Lenovo and Samsung on board, FIDO touches 36.1% of the mobile device market. Additionally, the Alliance has already seen support from Netflix, LG Electronics, Goldman Sachs, and a total of over 100 other certified partners.


Dog Days Are Coming

FIDO is likely to have profound effects on much of the tech industry, both good and bad.

Starting with the bad, FIDO may end up hurting the bottom line of non-adopters such as Apple. The convenience and security provided by the FIDO protocol will make the process of typing in a password seem ancient and outdated. This would be especially bad news for the iPhone if Apple does not get on board fast.

As for the good, FIDO provides a strong boost for a few companies in particular, the majority of which fall under the biometric umbrella. This includes companies dealing in facial recognition, voice identification, and fingerprint-secured key fobs or security tokens.

Of course, the greatest benefit of FIDO goes to online-focused banking firm PayPal. The company's chief information security officer Michael Barrett serves as president of the consortium. We can expect Barrett to have a significant influence across FIDO and, of course, for its protocol to be tailored in PayPal's favor.