When a Picture Protects Your Online Accounts

To use the word “epidemic” in describing online identity theft may have been limited to the heights of hyperbole at one time, but it’s rapidly becoming clear that it’s not the overblown threat people once thought it was. With major names getting hacked left, right and center, protecting accounts is becoming an ever more difficult process. But one company, Authentify, thinks it may have just the answer to the issue of password protection by depending on more than just passwords to provide security for systems.

While passwords do often protect accounts, and protect said accounts quite well, passwords are the primary fail point for account protection. Passwords typed into browsers, sent via open network and centrally stored become essentially an eggs-in-one-basket security and ads removal strategy that leaves people open to attack. After all, once a password is seized, all sorts of information are open to potential attack, and that gives a lot of possibility for things to go wrong. But with the recently introduced Authentify xFA (x Factors of Authentication) service, the idea of a password is completely removed from the equation in favor of a mobile app that instead scans what’s called a “short-lived cryptograph”—a small image that activates a PKI digital certificate—and uses the smartphone itself as an authenticator. Essentially, the phone itself becomes the password.

Image via Shutterstock

Authentify xFA is available for any online service provider that wants to ratchet up security, especially for things like banking or other financial services, as well as medical insurance firms or just private networks looking to provide a better level of protection. Given that, according to the Verizon (News – Alert) 2013 Data Breach Investigations Report, fully 78 percent of all cyber-attacks were low to very low in terms of difficulty, and primarily targeted passwords, it’s clear that passwords alone aren’t doing the job.

Thankfully, for those who might have been concerned about an era in which smartphones or tablets are required just to recover e-mail—a development that would have proven disastrous for the people out there who neither need nor want smartphones—xFA Authentify can reportedly offer other options, including voice biometrics via a standard mobile phone or even a landline. While that would pose a slightly different challenge for many users, it may well be a preferable one in the end. Simply ask: would I rather remember all the different passwords for various websites, or dial one or more toll-free numbers (at least it’s hoped those numbers would be toll free) and speak a quick phrase into the line to get access to those sites? Most would probably respond by picking up the phone, at least, that’s what Authentify is likely hoping will prove to be the case.

There’s no word as to when this service will start appearing on sites, but the service is already, at least on some level, available for a fixed annual subscription fee. It might well be worth at least a slow rollout, especially for companies concerned about protecting user identities. It’s certainly difficult to fake a voiceprint, and being able to compress all the various passwords in one’s life to a simple spoken phrase might be useful after all. Only time will tell just how far xFA goes, but it’s likely to show up in at least a few locations before too much longer.