Are passwords dead? Let's talk about the future of authentication
Are passwords dead? Let's talk about the future of authentication
7:40

Are passwords dead? Let's talk about the future of authentication

Privacy
[MUSIC] Muscles can be a pain but the best option we've got right? And may not actually be the case. This is the Daily Charge. It's Monday, March 9th. I'm Roger Cheng and with me a special guest, Steven Shanklin. And Steven youlet, our CNET package looking at the future of authentication, what did you find? Well, the bottom line is that passwords suck. We all know they suck, but they don't just suck for us. They suck for the companies that we're trying to log into banks, Facebook, Google, whoever. The good news is. There's actually a lot of work to fix passwords to improve the security that passwords use, and to actually replace them all together. So basically the computer industry is working its way out of this password hell that we all live in. Well, so look passwords. Yes, I find that annoying, but they're basically everywhere. They're ubiquitous, how do we get to a point where we can actually. Fully dumped our passwords. What are some of the technologies you encountered? Sure. So there's a lot of work that is, you know, there are a lot of technologies that are available today like some single sign on things you'll see login with Google login with Apple login with Facebook. So those are some early steps. The thing that's potentially more interesting is an alliance called Phyto. This is a whole lot of technology companies, including Google, and Apple just joined them. And they're working on technology that improves password login and eventually potentially replaces password. Login. The way that worked today mostly interesting is with these little dangles called hardware security kegs and that really makes it much much harder for somebody to bleach your cam even if they do have Have your password. And those are the technologies that actually will let us replace our passwords completely later on. So you talked a lot about these security keys. Talk a little bit about how they work and why they're so much more secure than just your simple password. All right, well, here's the deal. So this is a look at one of these security keys if you wanna check it out. It's a little USB thing that plugs into the side of your laptop or into the port on your phone. [INAUDIBLE] Connect wirelessly, and it's something you have. So when you look at the multi factor authentication, this is the idea that you're logging with something you know a password, with something you are potentially biometrics like your face ID or fingerprint ID. And then with something you have like a security key, so when you're combining the two of those three things, you have pretty strong authentication. These little security keys. This is what one looks like right here. These little security keys are actually instrumental in the login process. So they will check the website that you're using so that you can't log into fake websites with your real password, and they really make it a lot harder for a hacker to get into your account. Now I've got so I've got a MacBook Air, which annoyingly does not have any traditional USB Type A ports and for a lot of folks like the idea of carrying around a physical thing a dongle to you know up your authentication, your protection. That's kind of a tough sell like how do you how do you sort of square that with The need for security. Well, a couple points, first of all that key I just showed you is a USB A key, that's the old style USB. You can also get ones that plug into All right Your PC and this one is lightning for your iPhone Okay,, and then they also can connect wirelessly with NFC or Bluetooth. So there are other ways that you can connect Gotcha Your laptop or your phone But you're absolutely right. This is a hard sell, these things cost anywhere between $20, $70 for high end models that are fancier and you'll need at least two because you don't want to lose one or having stolen and have your account access locked. So yeah, there's it's a hard sell for a lot of people But first of all think of it like your house key, or your car key people are sought of used to that, it's not that much of a stretch for people to think, here is some important thing that I carry with me all the time. So it's not a complete Stretch to think that's [UNKNOWN] I bet a lot of people might use [UNKNOWN] But the other big answer is that newer standards from this [UNKNOWN] alliance means you can actually use your phone instead of one of these hardware security keys. Your actual phone can register As one of these keys, which means that you don't have to carry anything extra that you're not already carrying with you. I know Google's already working to or has already worked to put this in Android has Apple which you just said recently joined Fido have they asked what doesn't work with with the iPhone as well? Well, right now the apple situation is a little muddy. So with If you're logging into a website on an iPhone or an iPad, then this technology works fine as a just a few months ago, that's really very new. But logging an app is still much better on Android than it is on iOS. We don't have any official word from Apple about when they might improve that access. But my guess is it's on the way since they're a pretty high ranking member of this Phyto. Alliance now. So that's a pretty strong signal that they support this technology. So right now, it's a little bit better on Android than it is on iPhones, but the trajectory looks good here. All right, you wrote a second story companion piece about Two factor authentication. This is like the idea that you have two ways to verify that your identity and you argue that's not secure as you might expect. I've been saying for years folks like get to two factor authentication. That's the way to go when it comes to protecting yourself. But you're making me look dumb. So [LAUGH] Can you break it down? Why isn't it as secure as one might expect? Okay, so the first thing to say about two-factor authentication is, it's still way better than just a password. Okay. So it's still a big improvement, your device is still pretty good, you're not looking dumb, but- Not for this, at least, yes. But the problem is that it's still not perfect. So if you're using two factor authentication with codes, there are two ways that usually works. The first is you're getting an SMS code that your bank or somebody sends to you as a text message to your phone. And the second way is with an authenticator app like Google Authenticator, those technologies They help a lot, but the problem is that a hacker can actually intercept those codes. So what happens is the hacker will give you a fake website. You'll enter your username in there, and then you'll get the authentication code. You'll type the authentication code into the fake website, the hacker will then grab that authentication code and type it into the real Website. So basically, it's called a man in the middle attacks. Okay Basically the hacker can intercept those codes and use those codes to log in. Another problem is called sim swapping, where somebody actually gets access to your mobile phone account and therefore can read your SMS messages. That's what happened to Jack Dorsey, the CEO of Twitter. So basically These login codes are a big improvement but they're still not as good as these hardware security keys for your important accounts especially. Alright, well thank you Steven for spending time talking about passwords a feature of passwords. We're back tomorrow with more but you think many more good questions when we're off Leave us a voicemail. Yes voicemail at 286-225-05173. And if you want to learn more about today's topics, you can check the links to all today's stories in the description below the daily charge. I'm Roger Chang. Thanks for joining us. [MUSIC]

Up Next

You're doing passwords wrong, stupid (The Daily Charge, 3/11/2020)
dcthumb03112020

Up Next

You're doing passwords wrong, stupid (The Daily Charge, 3/11/2020)

E3 canceled: Here is what we know so far
screen-shot-2020-03-11-at-1-56-14-pm.png

E3 canceled: Here is what we know so far

This bill to protect children may also put your privacy at risk (The Daily Charge, 3/10/2020)
dc03102020.png

This bill to protect children may also put your privacy at risk (The Daily Charge, 3/10/2020)

Are passwords dead? Let's talk about the future of authentication
dcthumb03092020

Are passwords dead? Let's talk about the future of authentication

We got our hands on a prototype phone with a rollable display
unnamed

We got our hands on a prototype phone with a rollable display

The Galaxy S20 is coming, but here are the best deals
dc03042020

The Galaxy S20 is coming, but here are the best deals

Decoding the Galaxy S20's different 5G combinations (The Daily Charge, 3/2/2020)
unnamed

Decoding the Galaxy S20's different 5G combinations (The Daily Charge, 3/2/2020)

AT&T TV is the DirecTV replacement no one asked for (The Daily Charge, 3/2/2020)
dcthumb03022020

AT&T TV is the DirecTV replacement no one asked for (The Daily Charge, 3/2/2020)

Bob Iger drove Disney to scoop up our childhood
dcbob02262020

Bob Iger drove Disney to scoop up our childhood

Disney's surprise CEO departure while Baby Yoda steals Toy Fair (The Daily Charge, 2/26/2020)
dc02262020

Disney's surprise CEO departure while Baby Yoda steals Toy Fair (The Daily Charge, 2/26/2020)

Tech Shows

The Apple Core
apple-core.png

The Apple Core

Alphabet City
alphabet-city.png

Alphabet City

CNET Top 5
top-5.png

CNET Top 5

The Daily Charge
the-daily-charge.png

The Daily Charge

What the Future
what-the-future.png

What the Future

Tech Today
tech-today.png

Tech Today

Cooley On Cars
on-cars.png

Cooley On Cars

Carfection
carfection.png

Carfection

Latest News

Android 15: See New Features in Action
yt-android-15-clean-1

Android 15: See New Features in Action

If Apple Makes Siri Like ChatGPT or Gemini, I'm Done
240516-site-hey-siri-lets-talk

If Apple Makes Siri Like ChatGPT or Gemini, I'm Done

Bose SoundLink Max Review: How Does It Compare to the Cheaper SoundLink Flex?
240514-site-bose-soundlink-max-2

Bose SoundLink Max Review: How Does It Compare to the Cheaper SoundLink Flex?

Hands-On With Huawei's Pura 70 Ultra
240515-winged-pura-70-ultra-00-01-30-05-still001.jpg

Hands-On With Huawei's Pura 70 Ultra

I Tried Three Fitness Apps to Help My Postpartum Recovery
cs-ai-coaching-seq-00-07-22-19-still001

I Tried Three Fitness Apps to Help My Postpartum Recovery

How Many Times Did Google Say AI at I/O 2024?
Every AI Thumbnail

How Many Times Did Google Say AI at I/O 2024?

I Tried Google's Project Astra
240513-site-google-project-astra-hands-on-v3

I Tried Google's Project Astra

Everything Google Just Announced at I/O 2024
240513-site-google-io-supercut-thumbnail-v2

Everything Google Just Announced at I/O 2024

Google Introduces Gemini AI Upgrades to Gmail and Chat
google-io-gemini-gmail-chip

Google Introduces Gemini AI Upgrades to Gmail and Chat

Google Brings Multistep Reasoning to Search
screenshot-2024-05-14-at-11-16-37am.png

Google Brings Multistep Reasoning to Search