Sunday, April 28, 2013

I Am More Than One

Following recent security failures by Twitter, Foursquare and others, the concept of 'double login' is now becoming a Big Thing.

But the very idea of a login is fast becoming the biggest issue and vulnerability of the internet. Like many organisations, at TVE we've implemented OAuth and OpenID, which means that users can use single sign one on any system supporting these protocols.

However, this has an issue. I have multiple logins for most services since I am a private person and a business owner. Indeed, I could be ten personas or more.

And trying to switch these personas on key services such as Google, who, to be fair,  have done a great deal to sort out issues around this subject, is still a nightmare.

We need a new system of  authentication that is at once more secure and more flexible. Using emails as usernames is the norm, and is convenient and flexible, but hugely unsecure - you have immediately given away one of the two bits of information a hacker requires.

The current delay in the shipping of the next iPhone seems to be over supply chain issues with a fingerprint detection component, and this points to the future.

A physical attribute is very difficult to replicate, but this still leaves the issue of personas: this is falling into the same category as batteries - something too difficult for technology to fix.