Key Trends In User Identification TechnologyNick Throlson
As the internet becomes more and more an integrated part our day to day lives, becoming as commonplace to us as the radio, electricity or zinc, the dangers of it are becoming more apparent. Not just the danger of wasting valuable time watching kittens when you’re supposed to be working, but serious dangers such as cyber-attacks, loss of data, or even the theft of one’s identity.
It used to be you could impersonate anyone you wished on the internet, but developments over the past decade have helped ensure that our identities are more protected than ever.
So listed below are some of the key trends we’ve spotted over the past couple of years within the realm of user identification technology, and how they can help protect you and your identity whenever you’re using the internet.
Two Factor Verification
Usually, when you sign up to a website or something similar, there’s just one line of user verification. Most usually, this is the password. The problem is that even 12-character alphanumeric passwords with one lower case, one upper case, and one special character are actually very easy to bypass. And as most of us – perhaps unwisely – link most of our accounts to a single email address, if you find one breach the whole system is at risk.
As such, many sites are now employing two-factor verifications when signing up for an account, making important transactions, or when adjusting your account’s details. For example, as well as having a password, the website may also require a verification code sent to an email address or a mobile phone before any further action is taken.
This provides an extra layer of security so that even if someone has managed to guess your password they still can’t make any major adjustments to your accounts or your data without getting past that second layer. This at least delays them, and for casual attacks, that’s often deterrence enough, and can also alert you personally when they occur.
Use of Mobile Phones
We already mentioned that the two-factor system may ask you to link your account to a mobile phone so that verification codes can be sent if someone tries to access or adjust your account. In general, the growing universality of mobile phones has meant that many websites and companies are making use of them to protect their users and their identities.
Popular games developer Blizzard, for example, offers the option of a mobile phone verification app when users sign up to their online gaming platform, Battlenet. Whenever the user’s account is activated by a new device, a verification code is needed before access can be granted. Likewise, if anyone attempts to change the account’s password, or make any online purchases.
As it’s highly unlikely that the user’s mobile phone will be in the possession of the attacker, it provides a layer of security very hard to overcome.
Some companies, such as Cognito, have started offering similar services for a number of websites. Using their app, you can connect accounts to your mobile phone, thus ensuring they can’t be accessed without a special ID code.
Biometrics are nothing new – customs and immigration officers have been using biometric data to verify passport holders for quite a long time now. However, we’re starting to see biometrics see more use in our daily lives as well.
Most mobile phones now have the option to be secured using biometric data, typically a fingerprint or facial recognition. The phone then cannot be unlocked without that input, at least in theory. Many phones also maintain a typical pin code or pattern security system, as biometrics are notoriously finicky and do not always work as intended.
While not foolproof by any stretch, they provide a very convenient and quick means of providing user identification for our mobile devices.
New Methods of Data Storage
Recent events in which personal data has been acquired and illicitly disseminated across the internet due to the actions of hackers have also caused a rethink on how data storage is managed. If a hacker can access important personal information, such as your date of birth, address, or mother’s maiden name, they can use this to bluff their way into your accounts and cause all kinds of damage.
One solution is to ensure that no one organization has access to all your information, a process called blockchain. Instead, data is added sequentially in blocks using a “hash” of data from the preceding block. Already used for bitcoin transactions, it’s a highly effective and secure method of protecting personal data.