Instances of hacking into social media accounts are increasing. Protecting a bank account from hackers and cyber thieves is a worry. Crooks are known to skim off card details, including the CVV, and use them to transact on your card. Cases of ATM PINs being stolen at the ATM are quite common.
Most of us are frequent recipients of mail spam and fraudulent messages. Hackers can get hold of the password and with it access a computer, mobile phone, or any other device and application. Protecting information, money, and data from online theft is a challenge that most of us are forced to contend with in today’s increasingly online world.
Some of the well-publicized cases of mass data theft include the skimming of customer data from databases of Home Depot, JP Morgan, Anthem, and others. Hackers could get hold of the credit card and loyalty card information of millions of customers. The brand of these companies suffered as a result. Customers had sleepless nights.
Governments and public service utilities have also been shown to be vulnerable. Nation states are known to hack into seemingly secure data of their rivals to steal critical information. The media has reported on state-directed theft of sensitive, top-secret designs of military and corporate innovations.
As more and more devices get connected, we are forced to keep track of multiple passwords, one for each device and application. Remembering many passwords is quite a challenge. Passwords, PINs, and OTPs (One Time Passcodes) are some of the mechanisms introduced to authenticate a user’s identity. These are aimed at securing customer and individual data.
In response to online theft and the need to secure content, internet companies, application providers, device manufacturers, and governments have invested huge sums of money in building proprietary data protection and security systems. Higher costs impact balance sheets, and the lack of interoperability between the various systems leads to a lot of rework and duplication of effort.
The world sorely needed a common set of security standards that all stakeholders could agree to. Security solutions could then be built to these standards, and protocols to access devices and solutions could be defined to work seamlessly across systems and platforms.
At the heart of cyber theft lies the ability to tamper with and gain access to user authentication information. With that, access becomes possible and the objectives of the theft can be accomplished. In 2012, six companies got together to explore and devise a set of common standards and security protocols. A not-for-profit entity, the FIDO (Fast IDentity Online) Alliance, was created.
To understand the issue of cyber security better, I got around to having a mail conversation with one of the founding members of this Alliance. Nok Nok Labs is a Palo Alto, California-based company. It has a management team composed of the world’s top-notch system security engineers. I connected with one of the Founders, the CEO, and their senior executive team members.
FIDO Alliance members have worked towards creating a new security protocol that removes the need for a unique password for each device and application. They also developed strategies for seamlessly incorporating new authentication technologies, such as biometrics, iris scans, face and voice recognition, and other methods under development, into the new set of security standards and protocols.
Simply put, the new mechanisms make it possible for a person to enter identification information such as a password, or biometrics such as fingerprint, voice, or facial data, when logging in. Once logged in, this authentication data automatically generates a private key. The private key is stored on the device and never leaves it. Simultaneously, a corresponding public key is generated. It is this public key that is stored on the cloud. Authentication happens when the two match. As the private key never leaves the device, e-hacking becomes difficult: to do so, a hacker would need not just physical access to the machine but also the biometric information.
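The key-pair login described above can be sketched as follows. This is an added example, not code from the article, Nok Nok Labs, or the FIDO Alliance; it models the "match" as the server checking a signature the device makes over a fresh random challenge, and the function names, the `bank.example` and `look-alike.example` sites, and the origin-plus-challenge message format are assumptions of the sketch.

```javascript
// Added illustration with constructed names; not Nok Nok Labs or FIDO Alliance code.
const crypto = require('node:crypto');
// Authenticator: private keys stay on the "device"; only public keys and signatures leave.
function makeAuthenticator(verifyUser) {
  const keys = new Map(); // origin -> private key, never exported
  return {
    register(origin) {
      const pair = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
      keys.set(origin, pair.privateKey);
      return pair.publicKey.export({ type: 'spki', format: 'pem' });
    },
    sign(origin, challenge) {
      if (!verifyUser()) throw new Error('local user verification failed');
      // Assumption of this sketch: the origin is signed together with the challenge.
      return crypto.sign('sha256', Buffer.from(origin + '|' + challenge), keys.get(origin));
    },
  };
}

// Relying party ("the cloud"): stores public keys only, issues single-use challenges.
function makeServer(origin) {
  const users = new Map();   // username -> public key (PEM)
  const pending = new Map(); // username -> outstanding challenge
  return {
    enroll(user, publicKeyPem) { users.set(user, publicKeyPem); },
    challenge(user) {
      pending.set(user, crypto.randomBytes(32).toString('hex'));
      return pending.get(user);
    },
    login(user, signature) {
      const c = pending.get(user);
      pending.delete(user); // a replayed signature finds no outstanding challenge
      if (!c || !users.has(user)) return false;
      return crypto.verify('sha256', Buffer.from(origin + '|' + c), users.get(user), signature);
    },
  };
}

// Constructed scenario: genuine login, replayed signature, signature made for another site.
function demo() {
  const site = 'https://bank.example', other = 'https://look-alike.example';
  const server = makeServer(site);
  const device = makeAuthenticator(() => true); // stands in for a fingerprint or PIN check
  server.enroll('alice', device.register(site));
  const sig = device.sign(site, server.challenge('alice'));
  const genuine = server.login('alice', sig), replayed = server.login('alice', sig);
  device.register(other);
  const wrongSite = server.login('alice', device.sign(other, server.challenge('alice')));
  return { genuine, replayed, wrongSite };
}
```

The server never holds anything that can be used to log in elsewhere: a copy of its database yields public keys only, and a captured signature is useless once its challenge has been consumed.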
The security architecture defined by the FIDO Alliance can become effective only when device manufacturers, application builders, and major users agree to adopt it. Additionally, devices and systems must be reconfigured to enable the new security architecture.
The technology industry has given a thumbs-up to the new FIDO Alliance-defined standards. From a six-member FIDO Alliance in 2012, today 260 corporations have joined the body. These include major companies like Google, Microsoft, PayPal, Bank of America, Visa, American Express, Samsung, Alipay, and NTT DOCOMO, to name a few.
Given the electronic security challenges customers and the industry face, this number is likely to grow. By when consumers would be freed of the need to remember multiple passwords was a question that kept popping up in my mind. I posed this to Nok Nok Labs CEO Phillip Dunkelberger. It is best that I quote his response verbatim: “It took us around 20 years to dig the hole we are in with usernames and passwords, and it will take us a number of years to get out of that hole. We have made major progress, though.”
Before we start celebrating, let us be aware that somewhere in the world, there are hackers at work. They will be trying to find a way to crack the new secure, user-friendly identity authentication system. Thieves do not like to stay out of business for long. They will be hard at work to steal our data, money, and privacy.
The task for companies like Nok Nok Labs and others is cut out. The battle against cyber thieves will continue.