Cybersecurity has become such a pressing issue in the U.S. that even national labs have created technology for the commercial marketplace.
Those vague promises that hackable passwords will one day be replaced with much more secure alternatives to protect our digital life are finally coming true.
Yahoo! has come out with a new app for smartphones, called Account Key, that has completely eliminated the need to use an ID and password to access e-mail.
Instead, users trying to log onto Yahoo! e-mail can now be sent a message to their smartphones asking, “Are you trying to log on?”
With a single tap of “Yes” on their phone screen, Yahoo! instantly gives them access to their e-mail—completely eliminating the need to enter an ID or password.
“Passwords are difficult to remember and secondary sign-in verification is inconvenient and confusing,” says Dylan Casey, vice president of product management at Yahoo!. “We’re now taking a major leap toward a password-free future with the launch of Yahoo! Account Key.”
“Cybersecurity attacks are ever more frequent and more sophisticated, and they destroy the trust needed to conduct business,” said Duncan McBranch, Chief Technology Officer, Los Alamos National Laboratory. “Every organization must improve its ability to detect and stop attacks as they occur, and before secure data is compromised.”
Yahoo! pulls off the feat by first asking a user to access his or her e-mail account in the traditional way—using an ID and password—and then downloading a smartphone app that deactivates that same ID and password.
The app then replaces the ID and password with a “digital account key,” which is permanently stored on the user’s smartphone in digital form.
The next time the user attempts to log on to his or her Yahoo! e-mail account, Yahoo! wirelessly detects the account key on the user’s phone, and grants access to the e-mail account when the user taps “Yes” when asked if he or she wants to see e-mail.
The implications of Yahoo!’s digital security technology are enormous.
Granted, for years, security pros have been successfully developing alternative methods to secure the digital world.
But this is the first time a major corporation with a global reach appears to have revolutionized the security on one of the most commonly used digital products on the planet.
Essentially: if Yahoo!’s new technology withstands the inevitable hacker onslaughts meant to kill it in its crib, Account Key could usher in an entirely new era of digital security.
“The widespread practice of typing usernames and passwords to log on to the Internet might soon become obsolete,” says Robin Murdoch, managing director, Internet and Social Business, Accenture. “Consumers are increasingly frustrated with these traditional methods because they are becoming less reliable for protecting their personal data, such as e-mail addresses, mobile phone numbers and purchasing history.”
Indeed, according to Accenture’s 2015 Digital Consumer Survey, 77 percent of consumers in 24 countries say they are interested in using alternatives to protect Internet security.
Moreover, those same consumers are squeamish about the current level of online security: 54 percent of survey participants said they simply don’t believe their data is secure.
From the lab to the market
Fortunately, Yahoo! is not the only global player working furiously to beat back the ne’er-do-wells of cyberspace.
Interestingly, some of the nation’s most prestigious laboratories have joined the fight.
Los Alamos Laboratory, for example, licensed Ernst & Young this past summer to market PathScan—a software tool the lab developed that can be used to identify suspicious behavior on computer networks.
Additionally, a similar tool—known as the Network Mapping system—has been licensed by Lawrence Livermore National Laboratory to Cambridge Global Advisors.
“It is important to know what you have on your networks,” says Celeste Matarazzo, a principal investigator for cybersecurity at Lawrence Livermore.
Yet another hacker-thwarting technology licensed by labs for commercial distribution is Quantum Secured Communication—a next-generation encryption system from Los Alamos that leverages the quantum properties of light to protect data.
Oak Ridge National Laboratory licensed its malware forensics detection software—known as Hyperion—to R&K Cyber Solutions early in 2015.
All told, 20+ technologies developed at national labs to thwart hackers are now in the pipeline for commercialization—all part of a program squired by the U.S. Department of Homeland Security (DHS) to transition valuable lab research into marketable solutions to better protect the U.S. from hackers.
“Innovative technology solutions are key to keeping pace with today’s cyber threats,” says Reginald Brothers, Under Secretary for Science and Technology at DHS. “Our program is bridging the gap between the private sector and national labs to help transition lab technology to the commercial market.”
Still other efforts to frustrate hackers include Apple Pay. Instead of IDs and passwords, users can rely on their thumbprint to make a purchase using their iPhones.
Meanwhile, Mastercard is currently pilot-testing an online ID verification system for shopping—called Identity Check—that relies on a selfie taken by the shopper, or a fingerprint scan, to authenticate a purchase.
“Today, people shop on all sorts of devices, and they expect technology to simplify and secure the transaction,” said Ajay Bhalla, president of Enterprise Security Solutions, MasterCard. “This is exactly what Identity Check delivers.”
Users of Microsoft’s Windows 10 can replace ID and password access to their computers with Windows Hello—software that offers users the ability to sign in using fingerprint readers or facial recognition, although the facial recognition option requires a high-end, depth-perception camera.
Google is also in the game, with a physical “Security Key” dongle that users plug into their computer’s USB port to gain access to their Google accounts online.
Even more futuristic is Eyelock, maker of a scanner that only grants access to a computer once it identifies the iris in your eye. The human iris is as unique as a fingerprint, and the chances of the device making a false match are one in 1.5 million, according to the maker.
While the iris scanner, called Myris, may sound like sci-fi, it’s already on the market for $280 at big box stores like Best Buy and Staples.
Even more far-out cybersecurity technologies include under-skin silicon chips, wearable computer tattoos and even ingestible authentication devices with batteries that are powered by stomach acid, according to Jonathan LeBlanc, global head of developer advocacy at PayPal.
More complex passwords needed
Of course, the greatest irony associated with the development of alternative security is that if people used passwords intelligently—creating 32-character-long passwords that feature letters, numbers and special symbols—there would be no need for technological alternatives. Such passwords, according to security pros, are virtually uncrackable.
Chipmaker Intel brings this point home with resounding clarity with its free, online password checker that will tell you how many years it takes to crack any password.
Type in a gobbledygook mishmash of 32 letters, numbers and special symbols, for example, and you’ll find that it takes an amazing amount of computer power—plus approximately 25 years—to crack such a password.
Unfortunately, too few people are willing to tote around and use 32-character passwords made from gobbledygook inputs.
And too many—including those entrusted with securing company secrets stored in their e-mail accounts and on in-house company computers—consequently default to passwords that are often laughably easy to guess.
Even in this day and age, when millions of IDs and passwords are regularly stolen from major corporations, the most commonly used passwords are “123456” and “password,” according to SplashData, a cybersecurity firm.
The result: security pros, company presidents and others who fret daily about the security of their company data hope that Yahoo!’s new technology—or something similar—will truly frustrate the world’s unscrupulous hackers, at least for a while.
“The future of authentication is free from traditional passwords,” says Geoff Sanders, CEO, LaunchKey, which sells ID authentication technology that includes fingerprint verification, geofencing, facial recognition and other verification alternatives. “We must remove the vulnerability and liability that passwords have created while implementing more secure authentication methods that account for an evolving and diversified landscape of use cases, end users and threats.”