Dual-factor authentication is becoming a popular trend in keeping online accounts and services secure. However, IBM is claiming that current systems are already getting a bit old and should be updated to a mobile device era. And the technology that will do just that is already present in most Android phones: Near-field communications or NFC.
As the name implies, dual-factor authentication involves two steps. The first is the regular user name and password used to login via a web browser or app. As history would show, this method offers little security and is susceptible to hacks. Thus, a second step is needed that involves something a user already has and isn’t so easy to get access to: his or her smartphone. A key is usually sent to a smartphone or mobile device which can then be used complete the authentication process. But, according to IBM, in today’s world where users access their online services such as banks and stores via their mobile device, the smartphone becomes involved in both the first and second steps in the process, nullifying the benefits of dual-factor authentication. A stolen smartphone can thus be used to access an online service and authenticate at the same time.
The solution, according to the company, can be found in NFC, specifically, an NFC-enabled card issued by, say, a bank that is unique and specific to each user. This card becomes the second factor in authentication. The process is equally simple. A user logs into his or her bank account using a mobile app for that bank and the bank sends a key to the phone and asks for the user’s password. Once the user puts in the password, he must tap the phone to the NFC-enabled card which will calculate the key and send the information back to the bank for verification. If the wrong or no card is used, or if the user enters the wrong password, the login fails.
This would, indeed, provide a smarter security system for fully mobile transactions, although if both smartphone and card are stolen, then you’d be out of luck. There is, however, one major hurdle to IBM’s proposal. The iPhone, which, like it or not, makes up a large percentage of mobile users, has so far still eschewed NFC technology with no indication of changing its ways any time soon.
VIA: CNET
I think it’s about time two-factor authentication went Biometric (for one factor).