While data is often considered major currency in the online marketplace, one CTO made a case for authentication trumping its value among information brokers.
On Tuesday, Nils Puhlmann, CTO of Endgame, an Arlington, Va.-based security intelligence and analytics provider, spoke on the topic at RSA Conference 2014 in San Francisco.
“If you look at all of the recent big breaches, they all started with [an attacker gleaning] a users' credentials,” Puhlmann told attendees during a panel on authentication.
The session, titled “Are Mobile Devices the Answer to the Strong Authentication Problem?” also included thoughts from panelists Phillip Dunkelberger, CEO of mobile authentication firm Nok Nok Labs, Michael Barrett, the president of the FIDO (Fast Identity Online) Alliance, and Brett McDowell, the head of ecosystem security at PayPal.
The execs – all leaders at forward-thinking entities as it pertains to technology for verifying users' identities – essentially agreed that the industry was making strides towards improved authentication methods, though passwords still remained a dominant, even if outdated, standard for users.
Nok Nok Labs' Dunkelberger told attendees that “it's not a technology issue” that holds the widescale adoption of password alternatives at bay. Biometric authentication, for instance, has been used for quite some time, he explained.
According to him, a real shift in security will occur when users change their behaviors and incorporate password alternatives into their everyday online activities.
“That may happen when there are enough interesting things to do with it,” Dunkelberger said of authentication technology.
For instance, using one's fingerprint to purchase items online, or to view medical records, instead of just as a means of logging into their computer, could make the difference for users, Dunkelberger said.
PayPal's McDowell mentioned that such occurrences are not as far off as many would think.
On Monday, PayPal and Samsung announced a partnership what would allow Samsung Galaxy S5 users to login and buy items online via PayPal with just their fingerprint, instead of passwords, he told attendees.
“That's the beginning of something that is more usable…and secure,” McDowell said.
