At this year’s RSA Conference in San Francisco, our CEO had an opportunity to sit down with Richard Stiennon, founder and lead analyst at IT-Harvest, for an extended video discussion about what needs to change to fix the authentication problem. Over the next few months, we’ll be using our blog to share excerpts of that discussion.
Nok Nok Labs hosted a panel discussion on the future of authentication at the RSA 2015 conference. The panel was moderated by Jon Oltsik (Senior Principal Analyst, ESG), and included industry experts Rhonda MacLean (CEO, MacLean Risk Partners, LLC), Giles Watkins (Partner, KPMG) and Phil Dunkelberger (CEO, Nok Nok Labs).
It was certainly fitting that last week started with Groundhog Day, since it ended with another major breach that is reportedly the result of the same problem that causes over three-quarters of all data breaches: compromised credentials. The Anthem data breach should give major pause (again) to those at relying parties who are responsible for protecting sensitive data. As an industry, this is another opportunity to get things right.
The rise in mobile and cloud computing continues to drive the urgent need to rethink authentication. Users are relying on their mobile devices to handle everything from Facebook check-ins to banking transactions and online purchases. Legacy authentication has proved inadequate, as recent headlines demonstrate: 7 million Dropbox passwords hacked, Russian crime ring steals 1.2 billion username and password combinations, etc. Traditional usernames/passwords and current Two-factor Authentication (2FA) schemes fail to meet the needs of today’s corporate and/or personal use.
Today marks another important moment for the FIDO Alliance. Google has announced Security Key, a physical USB second factor to provide an additional layer of protection for Google Accounts. This adds to the multiple second-factor choices Google users have to secure their online accounts from password compromises on their personal computers.
We see last week's move by Apple as a significant step in the right direction towards modernizing online payments and addressing a major problem in today's payment ecosystem using authentication as a key building block. The last twelve months have seen acceleration in investments in mobile commerce and payments powered by strong and simple authentication and we expect Apple's activities to add to the momentum.
Since our inception, we’ve been pretty vocal about what’s wrong with online authentication. If you are a follower of ours (or maybe if you’re not), you’ll likely agree that the use of passwords is the weakest security for authentication. However, Internet services continue to make consumers use a password as the primary method for access - even after breach after breach.
In recent weeks, we have seen a number of interesting reports/surveys that examine various aspects of data breaches. Here are a few: