Warwick Ashford’s report is really alarming. ‘More than six in 10 UK consumers put their data at risk by using a single password across multiple online accounts, a study has shown.’
But the worst is yet to come. They are also using weak passwords: ‘Trustwave analysed more than 625,000 password hashes and found 54% were cracked in just a couple of minutes and 92% in 31 days.’
Passwords are definitely inappropriate for authentication in the age of cyber crime. The news of the past weeks shows that major players in the IT market like Twitter, Microsoft or Google have developed technologies to address this problem.
The FIDO U2F standard (FIDO = Fast Identity Online Alliance, U2F = Universal Second Factor) appears to be a quantum leap towards secure authentication on the World Wide Web. Google has already integrated this standard into the Chrome browser. The second factor is established by a security key attached to a USB port.
Unfortunately, it takes effect only after you have logged in to your computer, phone or tablet computer, and only in Chrome.
And that’s, in my opinion, the crux of the matter. In a perfect world, I would like to log in to my computer with a PIN or fingerprint and the FIDO U2F security key attached to the device.
A central, globally available and trusted identification authority verifies my identity and creates my identity token, which is valid for the duration of my session.
All services like Google, Home Depot, Amazon, the city council or the tax office rely on this identity token. For reasons of security, the identity must be checked again before critical transactions are carried out.
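To make this idea concrete, here is a small sketch that is an added example, not code from any FIDO product or real identity provider. The names, the lifetimes and the key are assumptions, and an HMAC key shared between authority and service stands in for the public-key signature a real authority would use so that services never hold a signing secret.

```python
import base64, hashlib, hmac, json

AUTHORITY_KEY = b"constructed-demo-key"  # constructed sample key, not a real secret
SESSION_TTL = 8 * 3600                   # assumption: the token lives for one session
STEP_UP_MAX_AGE = 300                    # assumption: critical actions need a check < 5 min old

def b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(body, key):
    return b64(hmac.new(key, body.encode(), hashlib.sha256).digest())

def issue_token(subject, now, key=AUTHORITY_KEY):
    """Authority side: called after the PIN/fingerprint plus security key check."""
    claims = {"sub": subject, "auth_time": now, "exp": now + SESSION_TTL}
    body = b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + mac(body, key)

def verify_token(token, now, key=AUTHORITY_KEY):
    """Service side: return the claims if the token is authentic and unexpired."""
    try:
        body, tag = token.split(".")
        # Check the tag in constant time before parsing any claim.
        if not hmac.compare_digest(tag, mac(body, key)):
            return None
        claims = json.loads(unb64(body))
    except (ValueError, TypeError):
        return None
    if now >= claims["exp"]:
        return None
    return claims

def authorize(token, now, critical=False):
    """Decide 'allow', 'reauthenticate' or 'reject' for one request."""
    claims = verify_token(token, now)
    if claims is None:
        return "reject"
    # Critical transactions require a recent identity check (step-up).
    if critical and now - claims["auth_time"] > STEP_UP_MAX_AGE:
        return "reauthenticate"
    return "allow"
```

A service would call `authorize(token, time.time())` for ordinary requests and pass `critical=True` before a payment or a change of address, sending the user back to the authority when the answer is `reauthenticate`.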
Sounds fantastic, doesn’t it?
Look forward to a world without passwords!