It
so happened that one of my friend’s colleague got arrested for some
matter and was sent to jail. My friend went to meet his colleague in the
jail. Pretty normal, right? Well he went to meet his colleague to get
the username and password of the colleague’s computer, required for
some urgent work which apparently couldn’t wait till the colleague was
freed!
Now
this incident just highlights the importance that logins have come to
occupy in our digital lives. Login information is any confidential
information that only you, the person trying to login knows. It’s
generally a username and a password but also covers pin codes,
fingerprint scanners, face unlock, pattern unlock and many other
outrageous methods to unlock your smartphone (including the iPhone 5S Touch ID).
I need not remind you that it’s required to access your Device, your
Gmail, Facebook, Twitter, Bank Account and IRCTC ticket
booking(basically any online service which can be customized).
What
I might remind you though, is that the login is slowly changing as you
know it. Logins generally protect some confidential data behind them
and as a result they are the target of hackers. As a result, several
innovative measures have been tried to make it more complex and other
times simpler but definitely more secure:
OpenID:
Ever felt drowned in 50 usernames and passwords? Worse still using the
same username and password across 50 websites? OpenID is your rescuer!
Basically, you create an account with your preferred OpenID provider
once and you use your OpenID credentials across all websites. You always
sign in to only your OpenID account and the OpenID provider
authenticates you on your behalf. As a result, you are saved from
remembering several logins and you don’t give your private data(name,
age etc) to every xyz website.
Ever used Sin in using Google/Yahoo? Congrats! you have already used OpenID!
Single Sign-On(SSO):
While OpenID allows you to use a single username+password combination
to login into several services; SSO allows you to use a single
username+password combination to automatically login into several
related services(with OpenID you will have to authenticate every service
every time you want to login).
Ever
noticed that once you sign into any Google service, you are signed
across all other Google service? That’s because Google uses SSO.
2-step verification:
Username+ password is simply not enough so logins using 2-step
verification require username+password+passcode. Passcode can come from
OTP(One Time Pin) on your phone or from token generator(like RSA SecurID)
Then, there are other methods of authentication which assume username+password based login to be cumbersome, insecure and easily hackable and hence, they seek to replace something you know (username + password) with something you own(your fingerprint, your face, you retina!). Face recognition and fingerprint scanners are already in mainstream use with Android and iPhone respectively. May be, in near future we will simply be our own login information! and my friend would have to wait for his colleague to be freed from jail before authenticating :D
No comments:
Post a Comment