The effort to eliminate reliance on passwords as a means of accessing applications and systems has taken a significant step forward following the unveiling of PCs and tablets from Lenovo that come with a built-in authentication mechanism designed to interact with the Universal Authentication Framework. The framework was developed by the FIDO Alliance, a consortium of IT vendors committed to advancing a two-factor authentication scheme known as Fast IDentity Online as an alternative to traditional passwords. The Lenovo offerings are the first mainstream devices to implement a standard mechanism for two-factor authentication.
Joe Pennisi, distinguished engineer and executive director of the PC and Smart Devices Business Group at Lenovo, credits Intel for making it possible for Lenovo to incorporate FIDO-compliant authenticators in the form of Intel Online Connect software in its Yoga 920, ThinkPad X1 Tablet (2nd generation) 2-in-1s, ThinkPad X1 Carbon (5th generation) and IdeaPad 720S laptops. Intel Online Connect and Intel Software Guard Extensions (Intel SGX) are built into 7th and 8th Gen Intel Core processors. Pennisi says Lenovo has been keenly tracking the progress of the FIDO Alliance since the group was formed in 2013. Other members of the FIDO Alliance include Aetna, Alibaba, Amazon, American Express, Bank of America, Gemalto, Google, Mastercard, Microsoft, RSA, Samsung, USAA and Visa.
One other benefit of having Intel develop Intel Online Connect, adds Pennisi, is that the authenticator software resides below the operating system. That not only improves performance, it also makes it more difficult for cybercriminals to target the authenticator, says Pennisi.
Obviously, not every application supports those authenticators. But websites such as PayPal, Google, Dropbox and Facebook support the Universal Authentication Framework. Pennisi says that as new applications get developed, Lenovo expects the number of applications that rely on new approaches to two-factor authentication to steadily increase. Pennisi says Lenovo expects there will also be a use case in the enterprise where the sensitivity of the data being accessed will push IT organizations to implement FIDO-based authentication software rather than continuing to rely on passwords.
Passwords are problematic on multiple levels. Most of the passwords used today are weak in that it doesn’t take much for hackers to crack them. Requiring more complex passwords to thwart those efforts often results in users forgetting their passwords. That leads to a lot of requests to reset passwords, a fair number of which may require some manual effort on the part of an IT administrator to address.
The good news is that developers are getting better at managing credentials, also known as secrets. Rather than storing credentials inside the application, the credentials are increasingly being stored in vaults. That makes it harder for hackers to steal passwords all at once. They can still hack a single account. But a vault makes it difficult to steal all the secrets attached to an application. But there are still millions of applications where the only thing standing between a hacker and compromising an application is password 1-2-3-4. In fact, given the state of password management these days it’s a wonder that more data and money isn’t stolen every day.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for Intronis MSP Solutions by Barracuda.