The Seamless Enterprise

Comprehensive news and discussion of enterprise communications and converged network solutions.

You're Welcome, Zuck ... Mobile Devices as Authentication Tokens

on December 03, 2010 by Christopher Glenn

I am hearing some cross-talk between a couple of my recent blogs. In "Single Number Reach," I was speculating as to what word we will use in the future for a Unified Communications identifier when phone numbers become obsolete. In "Perfect Storm of Security Threats," I speculated about the problems with today's common two-factor authentication approaches and how vulnerable they are. As social media changes the way we use the net, it looks like the two issues discussed in those articles will become more inter-twined.

As I think more about “Single Number Reach,” it is odd how we still "dial" a phone even though you "press" a keypad today; and, we still "call" someone even though we physically don't "call on them" as people did when the term was last re-defined (I suppose it originated when people yelled over the hill, but you get my point). Maybe in the future we'll say "phone number" even though it's not a number? Who knows? If you read a document from 1,000 years ago, you’ll see it’s an interesting hybrid of Latin and the English we know today.

Later in “Single Number,” I opined that in the future, the communications device I am using will contact a “social authority” (LinkedIn or Facebook) to help me “connect” with a person via myriad communication methods. The idea is you only keep the social authority up to date about your phone number, email, Twitter ID, Skype ID, etc., and then, as opposed to saving people's business cards, you connect via a social network and specify your affiliation.

In "Perfect Storm of Security Threats," I speculated about the problems with today's common two-factor authentication approaches and how vulnerable they are. Today, "two-factor" is the law for banks. With my brokerage account, the factors are “something you know” and “something you have.” The first factor is my user ID and password, and the second is a SecurID fob on my keychain with a six-digit number that changes every 60 seconds.

So when I say there is cross-talk between these two posts, what I mean is that I am now seeing (as I suspect you are) options to use your Facebook login information to log into more and more websites. That's a trend that won't stop. Social authorities will take over authentication, but the danger in the short term is that Facebook isn't using two-factor authentication.

That is a major problem because if your Facebook account is compromised, then all of the websites where you use Facebook to authenticate yourself are compromised as well. In other words, don't expect your banks to start giving you the "login with Facebook" option anytime soon. Before that happens, Facebook will need a more robust approach to multi-factor authentication.

Given that 25 percent of Facebook's users are 18 to 21, I think I know how Facebook will get there. The most logical "something you have and something you know" approach for Facebook in the short term would be to use a person's cell phone as the "something you have" factor. It’s not perfect in the long term, but I envision it as a stepping stone to making your cell phone a better token for authentication.


Comments (0) Leave a Comment

Add a comment:

Name:
Email:
Website:

  • Comment
  • Preview
Loading


About the Author

Christopher Glenn explores emerging technologies to help companies create convergence strategies that bring together wireless and wireline communications. He has 25 years of experience in the telecommunications industry, with roles spanning strategic planning, business development, operations, engineering, sales, marketing, and finance. Christopher's career includes over 10 years with Sprint, most recently as General Manager of Converged Business Solutions, where he focused on the company's managed services portfolio, VoIP and IP telephony and mobile integration. He holds a BSB with distinction in general management and finance as well as an MBA with honors in corporate strategy and operations management from the University of Minnesota's Carlson School of Management. Follow him on Twitter at http://twitter.com/NetThink.

Share

More news
from sprint

Register here to receive
future newletters
from Sprint.

Register

Related Articles