“Mother’s maiden name”
“Name of your first pet”
Those are but a few of the security questions or reminders that help us keep track of passwords across multiple sites and applications. Online service, like Evernote, that sync across multiple devices have stored countless username/password combinations to keep our digital society moving.
However, passwords will be long forgotten – rather than temporarily so – by the end of the decade, said one tech exec who is pushing for a new approach to passwords.
Hugh Owen, vice president of product marketing at MicroStrategy, said, “[Mobile identity management] is going to be very mainstream in a very short period of time. It will be interesting how long it is – maybe four years, five years – before we look back and remember upon the time where we used to rely on passwords and had to remember them all.”
His company is helping to push mobile identity management through wearables, what many security experts hope is the magic bullet for the long outdated mother’s maiden name, “123456” or string of random characters scrawled on a sticky note. Mobile identity management is any service that makes use of pre-verified mobile devices, like smartphones or smartwatches, to send authentication keys, temporary tokens or expiring passwords to provide access to some secure system.
Research increasingly shows traditional authentication hurdles are easily duped and more trouble than they’re worth, and enterprises would do well to look for alternatives both internally and client-facing.
Last month hackers used background information amassed from different cyberattacks and social engineering efforts to dupe the “Get Transcript” application on IRS.gov, siphoning nearly $50 million in illegally requested tax returns in the process. Take that into account with the research Google released in May that shows traditional authentication means do not even help users – only 60 percent of users remembered the answers to questions like “What is your favorite food?” – and make it more likely for cyber criminals to correctly guess questions with popular answers. Some people think mobile identity management could be the answer in the enterprise.
For that reason, MicroStrategy continues to develop its mobile identity management app Usher, a version of which launched with the Apple Watch. Owen said that the idea is nothing new, but it will be the heavy adoption of wearables – which 451 Research contends is already underway with the release of the Apple Watch – that will help take the complex back-end process of identity management and simplify it to a few taps of a smartwatch face.
With Usher’s newest features, organizations can use an Apple Watch to access office locations, devices, business systems and more, and validate identities and discover nearby users. Owen said the new Apple Watch capabilities are more conducive to the at-a-glance workflows of the average user, and he’s always impressed by the creative ways client’s utilize Usher’s software development kits to extend the platform to functions they need.
“We’ve seen some really interesting implementations of it in terms of banking where people are using Usher as the method of second-factor authentication for both giving people access to systems and also approving transactions. It’s integrated in such a way that it’s just part of the workflow,” Owen said.
He also mentioned some programs the company set up at the Saudi Arabia Ministry of Foreign Affairs and Georgetown University, the latter of which is conducting an ongoing “smart campus” pilot that allows students access to buildings and online accounts through the app as opposed to a physical key card.
Some competitors, namely oneID and Authy, also seek to attract an enterprise audience, but MicroStrategy seems to be gaining notable traction. For instance, Apple specifically mentioned its partnership with MicroStrategy’s enterprise efforts in its most recent earnings call, a rare name drop for the normally taciturn Cupertino company.
For the enterprise, mobile identity management seems like a no-brainer. The technology is there; all that’s needed is the implementation. This could be the killer use case that brings smartwatches out of the C-suite and into the hands (on to the wrists?) of the average user.