The CEO of Kitchener-Waterloo startup Symple ID went on Kevin Newman Live last night to discuss the recent Ebay password fiasco as well as his “two-factor” password solution for Internet users.
Richard Fox-Ivey that in the past, passwords worked well: most people didn’t have a lot of different accounts and the types of things people were doing online was fairly limited. Skip ahead today where the average person has about 40 accounts, and its an easy target for hackers.
He explained how the recent eBay security breach, when hackers raided the ecommerce site’s servers three months ago accessing 145 million user records, is called a “brute force attack”. It’s a low-effort attack where hackers can slog through millions of different number, letter and symbol combinations per second to try and access accounts.
His answer is a “two-factor” solution, which uses both a person’s cell-phone and some sort of NFC-based technology, maybe a wrist band, a card or a keychain hangtag. Users with Symple ID need only to access the site they want to sign in with and touch their cell phone to the NFC tag. If someone steals a user’s cell phone, they can’t access their passwords, and likewise if someone steals their NFC tag. It’s not cloud-based, but rather the information is stored in a cell phone.
“My whole concept was to create dual-factor solution because it’s more secure, but also to solve the problem of passwords, because people can never remember them. People don’t pick very secure passwords,” he told Kevin Newman.
Currently the password solution that’s gaining a large amount of traction and media buzz is PasswordBox, which is an online-only based solution that collects a person’s normal passwords for every site, gives those sites much stronger, encrypted passwords, and asks the user to use only one “master password”. PasswordBox recently won an Appy award for having the best privacy mobile app.
Fox-Ivey dismissed browser management systems as “not recommended, not very secure.”
“I think in the next five years we’re going to see a complete change in the online world,” Fox-Ivey told Newman. “I think two-factor and multi-factor is absolutely going to become the standard and at the end of the day its about making it easy. Now technology exists to make passwords simple.”