A Wake Up Call
The increasing riskiness of relying on traditional passwords is once again in the news. As reported by CNET, the executive branch of the U.S. federal government is explicitly advising its constituents to “think beyond the password.”
And it’s no wonder. This comes on the heels of last week’s rather mind-blowing revelation that state-sponsored hackers had pilfered the online accounts of at least 500 million Yahoo users. Now, no less an authority than the Obama administration is leading a war-on-cybercrime charge by supporting a new initiative and website — aimed directly at citizens — called “Lock Down Your Login”. It even features an adorable video jingle, ostensibly for the vast majority of folks who don’t know a network security scheme from a hybrid cryptosystem (and don’t want to).
To develop the campaign and get it out to the widest possible audience, the White House joined with the National Cyber Security Alliance (NCSA), as well as a wide range of technology and finance companies including Google, Twitter, Visa and Mastercard. The initiative began back in February, when administration officials put out a call to motivate more Americans to add extra layers of authentication — otherwise known as second or multiple factors — to their online login processes. The term being used to define this initiative is “Strong Authentication,” which is quite familiar to anyone with a background in data security.
How Does It Work?
Experts have been advocating two-factor and multi-factor authentication for a while now. The approach combines a traditional username/password process with an additional biometric or otherwise device-driven step, such as using a physical security key, a mobile device fingerprint scan or a one-time code sent to a user’s phone number. For certain high-risk transactions such as those involving financial, government or healthcare institutions, additional “step-up” processes are often required.
There has been increased adoption of strong authentication among consumers recently, due to businesses — particularly those that are considered digital identity providers (IdPs) — beginning to add two-factor and risk-based authentication functionality and promoting it to their users. However, the government and its technology partners agree that we need to go much further to ensure the collective safety of our personal information. As the NCSA’s Executive Director Michael Kaiser told SC Magazine about increasing authentication, “It is to everyone’s benefit to do it.”
The View From the Front Lines
As a company that deals exclusively in the management of consumer data, we at Gigya have been increasingly vocal on this subject, notably with our recent survey of 4,000 U.S. and UK adults on their opinions of passwords and how they approach using them. Among the surprising things we discovered is that only 16 percent of respondents claim to create a unique password for each online account. Also, 25 percent say they don’t create complex passwords for their financial accounts.
These poor practices further illustrate what’s driving the push to strengthen authentication. The more of our lives become digital, the more difficult it becomes to maintain control of the virtual mountain of information needed to identify oneself across the dozens of apps and services that consumers tap daily.
While we believe the complete elimination of password processes is coming eventually, two-factor and multi-factor authentication is an effective stopgap, and certainly a step in the right direction. We’re also glad to see educational outreach by government on the subject of personal data protection. Increasingly, online and offline safety are one and the same, and it’s time to start speaking plainly about our responsibilities as digital citizens.
By David Kerin