Are passwords dead? Let's talk about the future of authentication

Privacy
[MUSIC] Muscles can be a pain but the best option we've got right? And may not actually be the case. This is the Daily Charge. It's Monday, March 9th. I'm Roger Cheng and with me a special guest, Steven Shanklin. And Steven youlet, our CNET package looking at the future of authentication, what did you find? Well, the bottom line is that passwords suck. We all know they suck, but they don't just suck for us. They suck for the companies that we're trying to log into banks, Facebook, Google, whoever. The good news is. There's actually a lot of work to fix passwords to improve the security that passwords use, and to actually replace them all together. So basically the computer industry is working its way out of this password hell that we all live in. Well, so look passwords. Yes, I find that annoying, but they're basically everywhere. They're ubiquitous, how do we get to a point where we can actually. Fully dumped our passwords. What are some of the technologies you encountered? Sure. So there's a lot of work that is, you know, there are a lot of technologies that are available today like some single sign on things you'll see login with Google login with Apple login with Facebook. So those are some early steps. The thing that's potentially more interesting is an alliance called Phyto. This is a whole lot of technology companies, including Google, and Apple just joined them. And they're working on technology that improves password login and eventually potentially replaces password. Login. The way that worked today mostly interesting is with these little dangles called hardware security kegs and that really makes it much much harder for somebody to bleach your cam even if they do have Have your password. And those are the technologies that actually will let us replace our passwords completely later on. So you talked a lot about these security keys. Talk a little bit about how they work and why they're so much more secure than just your simple password. All right, well, here's the deal. So this is a look at one of these security keys if you wanna check it out. It's a little USB thing that plugs into the side of your laptop or into the port on your phone. [INAUDIBLE] Connect wirelessly, and it's something you have. So when you look at the multi factor authentication, this is the idea that you're logging with something you know a password, with something you are potentially biometrics like your face ID or fingerprint ID. And then with something you have like a security key, so when you're combining the two of those three things, you have pretty strong authentication. These little security keys. This is what one looks like right here. These little security keys are actually instrumental in the login process. So they will check the website that you're using so that you can't log into fake websites with your real password, and they really make it a lot harder for a hacker to get into your account. Now I've got so I've got a MacBook Air, which annoyingly does not have any traditional USB Type A ports and for a lot of folks like the idea of carrying around a physical thing a dongle to you know up your authentication, your protection. That's kind of a tough sell like how do you how do you sort of square that with The need for security. Well, a couple points, first of all that key I just showed you is a USB A key, that's the old style USB. You can also get ones that plug into All right Your PC and this one is lightning for your iPhone Okay,, and then they also can connect wirelessly with NFC or Bluetooth. So there are other ways that you can connect Gotcha Your laptop or your phone But you're absolutely right. This is a hard sell, these things cost anywhere between $20, $70 for high end models that are fancier and you'll need at least two because you don't want to lose one or having stolen and have your account access locked. So yeah, there's it's a hard sell for a lot of people But first of all think of it like your house key, or your car key people are sought of used to that, it's not that much of a stretch for people to think, here is some important thing that I carry with me all the time. So it's not a complete Stretch to think that's [UNKNOWN] I bet a lot of people might use [UNKNOWN] But the other big answer is that newer standards from this [UNKNOWN] alliance means you can actually use your phone instead of one of these hardware security keys. Your actual phone can register As one of these keys, which means that you don't have to carry anything extra that you're not already carrying with you. I know Google's already working to or has already worked to put this in Android has Apple which you just said recently joined Fido have they asked what doesn't work with with the iPhone as well? Well, right now the apple situation is a little muddy. So with If you're logging into a website on an iPhone or an iPad, then this technology works fine as a just a few months ago, that's really very new. But logging an app is still much better on Android than it is on iOS. We don't have any official word from Apple about when they might improve that access. But my guess is it's on the way since they're a pretty high ranking member of this Phyto. Alliance now. So that's a pretty strong signal that they support this technology. So right now, it's a little bit better on Android than it is on iPhones, but the trajectory looks good here. All right, you wrote a second story companion piece about Two factor authentication. This is like the idea that you have two ways to verify that your identity and you argue that's not secure as you might expect. I've been saying for years folks like get to two factor authentication. That's the way to go when it comes to protecting yourself. But you're making me look dumb. So [LAUGH] Can you break it down? Why isn't it as secure as one might expect? Okay, so the first thing to say about two-factor authentication is, it's still way better than just a password. Okay. So it's still a big improvement, your device is still pretty good, you're not looking dumb, but- Not for this, at least, yes. But the problem is that it's still not perfect. So if you're using two factor authentication with codes, there are two ways that usually works. The first is you're getting an SMS code that your bank or somebody sends to you as a text message to your phone. And the second way is with an authenticator app like Google Authenticator, those technologies They help a lot, but the problem is that a hacker can actually intercept those codes. So what happens is the hacker will give you a fake website. You'll enter your username in there, and then you'll get the authentication code. You'll type the authentication code into the fake website, the hacker will then grab that authentication code and type it into the real Website. So basically, it's called a man in the middle attacks. Okay Basically the hacker can intercept those codes and use those codes to log in. Another problem is called sim swapping, where somebody actually gets access to your mobile phone account and therefore can read your SMS messages. That's what happened to Jack Dorsey, the CEO of Twitter. So basically These login codes are a big improvement but they're still not as good as these hardware security keys for your important accounts especially. Alright, well thank you Steven for spending time talking about passwords a feature of passwords. We're back tomorrow with more but you think many more good questions when we're off Leave us a voicemail. Yes voicemail at 286-225-05173. And if you want to learn more about today's topics, you can check the links to all today's stories in the description below the daily charge. I'm Roger Chang. Thanks for joining us. [MUSIC]

Up Next

You're doing passwords wrong, stupid (The Daily Charge, 3/11/2020)
dcthumb03112020

Up Next

You're doing passwords wrong, stupid (The Daily Charge, 3/11/2020)

E3 canceled: Here is what we know so far
screen-shot-2020-03-11-at-1-56-14-pm.png

E3 canceled: Here is what we know so far

This bill to protect children may also put your privacy at risk (The Daily Charge, 3/10/2020)
dc03102020.png

This bill to protect children may also put your privacy at risk (The Daily Charge, 3/10/2020)

We got our hands on a prototype phone with a rollable display
unnamed

We got our hands on a prototype phone with a rollable display

The Galaxy S20 is coming, but here are the best deals
dc03042020

The Galaxy S20 is coming, but here are the best deals

Decoding the Galaxy S20's different 5G combinations (The Daily Charge, 3/2/2020)
unnamed

Decoding the Galaxy S20's different 5G combinations (The Daily Charge, 3/2/2020)

AT&T TV is the DirecTV replacement no one asked for (The Daily Charge, 3/2/2020)
dcthumb03022020

AT&T TV is the DirecTV replacement no one asked for (The Daily Charge, 3/2/2020)

Bob Iger drove Disney to scoop up our childhood
dcbob02262020

Bob Iger drove Disney to scoop up our childhood

Disney's surprise CEO departure while Baby Yoda steals Toy Fair (The Daily Charge, 2/26/2020)
dc02262020

Disney's surprise CEO departure while Baby Yoda steals Toy Fair (The Daily Charge, 2/26/2020)

Tech Shows

The Apple Core
apple-core-w

The Apple Core

Alphabet City
alphabet-city-w

Alphabet City

CNET Top 5
cnet-top-5-w

CNET Top 5

The Daily Charge
dc-site-1color-logo.png

The Daily Charge

What the Future
what-the-future-w

What the Future

Tech Today
tech-today-w

Tech Today

Latest News All latest news

Google's Monk Skin Tone Scale: What Is It?
inclusive-schema-0509-anuyk5h-max-1000x1000.png

Google's Monk Skin Tone Scale: What Is It?

The Revolution R270 Is a Smart Toaster With a Screen
revolution-toaster-orange-promo

The Revolution R270 Is a Smart Toaster With a Screen

2023 Nissan Z First Drive: A Hotter Performer With Newfound Tech Smarts
nissan-z-2023-first-drive-holdingstill-cms

2023 Nissan Z First Drive: A Hotter Performer With Newfound Tech Smarts

Driving Porsche's Top-Secret Prototype Electric Race Car!
gt4-e-perf-still

Driving Porsche's Top-Secret Prototype Electric Race Car!

How an EV Works
how-evs-work-00-04-48-14-still089

How an EV Works

Facebook Accused of Blocking News in Australia, Plants Can Grow in Lunar Soil
facebook.png

Facebook Accused of Blocking News in Australia, Plants Can Grow in Lunar Soil

Most Popular All most popular

Apple Killed the Last iPod
1202263987086163-e66zgtdhxmkf0nentynj-height640.png

Apple Killed the Last iPod

Black Hole Image Revealed, Meta's Next Headset Teased
tt-051322-00-00-20-12-still020

Black Hole Image Revealed, Meta's Next Headset Teased

How an EV Works
how-evs-work-00-04-48-14-still089

How an EV Works

TikTok Creators Will Love the DJI Mini 3 Pro
dji-5

TikTok Creators Will Love the DJI Mini 3 Pro

The Best Way to Charge Your EV Is at Your House
home-chargers-copy-01-00-05-49-18-still089

The Best Way to Charge Your EV Is at Your House

I Lost My Mind on Guardians of the Galaxy Roller Coaster
1202231812667975-b8hrndwonamcg2sdaf5l-height640.png

I Lost My Mind on Guardians of the Galaxy Roller Coaster

Latest Products All latest products

Hands-On: We Got to Try the Sony Xperia 1 IV and Its Zoom Lens
xperiafinalpicsite

Hands-On: We Got to Try the Sony Xperia 1 IV and Its Zoom Lens

Lenovo Legion 7 Gaming Laptops Combine Great Power With Simple, Slim Designs
lenovolegion-00-00-45-13-still003

Lenovo Legion 7 Gaming Laptops Combine Great Power With Simple, Slim Designs

Exploring Meta Store: Facebook Parent Meta's First Physical Retail Space
metastore

Exploring Meta Store: Facebook Parent Meta's First Physical Retail Space

Lenovo's Torrent of Slim-Series Laptops Has Almost Too Many Options
lenovoslim-00-00-03-10-still001.png

Lenovo's Torrent of Slim-Series Laptops Has Almost Too Many Options

Disney's New Wristband Brings Games to Theme Parks
magic-band-plus-1-copy

Disney's New Wristband Brings Games to Theme Parks

Amazon Astro Review: An Echo of the Future
astro-review-still-10

Amazon Astro Review: An Echo of the Future

Latest How To All how to videos

Google Pay: How to Set Up and Use
googlepay-inhand

Google Pay: How to Set Up and Use

Clean Your AirPods and EarPods Without Damaging Them
yt-howto-clean-airpods-v3

Clean Your AirPods and EarPods Without Damaging Them

How to Control Your Computer With Your Feet
yt-learn-guitar-foot-controls-v2

How to Control Your Computer With Your Feet

How to Download YouTube Videos
yt-howto-download-yt-videos-v3

How to Download YouTube Videos

Find Forgotten Wi-Fi Passwords for Previously Used Networks
how-to-find-a-wi-fi-password-on-any-network-1

Find Forgotten Wi-Fi Passwords for Previously Used Networks

Get the Most Out of Multitouch on Your Trackpad
mac-tips-multitouch-on-mac-7

Get the Most Out of Multitouch on Your Trackpad