Mobile Security

Researchers Want To Achieve Online Security Without Passwords

February 9, 2016 - Written By Diego Macias

Since we have the whole Internet everywhere with our mobile devices, security has become a very important topic. We store all kinds of personal files in our smartphones and tablets and even more sensitive information such as bank accounts, address books and other important accounts. The password has protected each one of these aspects, a lock screen code could help protect anyone from accessing most of our phone’s features, but then there are some additional passwords for the apps that need more security. Still, if for whatever reason those passwords fall into the wrong hands, anyone could access our accounts.

Gerhard Eschelbeck, Head of Security & Privacy Engineering at Google has addressed this matter at Google’s “The Future of Security” Roundtable. He has been working in security research for the past twenty years trying to solve that only the right people get access to the right information. This might seem like a simple problem to solve, but with more advanced technologies accessible to everyone, it becomes more complicated. There are many bad actors who try to access information with advanced phishing techniques and there are so many of these cases every day that it would be impossible to address them individually. Users need to be educated so their devices become less prone to an attack, they might create stronger passwords or even use a password manager to make it easier, still there are more advanced techniques to ensure security.

Two-step verification has been proven to be quite effective, as if someone figures out your password, you’ll be notified in another way so they can’t access the information unless you accept that notification. Security Keys from the FIDO Alliance provide an even better level of protection as the information is encrypted and only the one holding the physical Security Key will be able to access the information. While these technologies improve security, there might be ways where people don’t have to input passwords or carry physical tokens to ensure online security. Currently, we have some Automatic Unlocking with some Bluetooth connected devices, but it could be extended to additional devices once everything gets connected. There is also a research on how devices could recognize your voice or the way you walk in order to authenticate your identity. This way, devices could share security knowledge in order to handle future challenges.