Apple iWatch could replace passwords

15 February 2013

Ever heard of the Apple iWatch? Recent news reports are claiming that Apple is branching into wearable computing with a smart watch worthy of James Bond, usable for everything from recording conversations to acting as a personal assistant.

One researcher, however, postulates another use for the iWatch: it could render passwords obsolete.

Passwords are of course the notorious weak link when it comes to end users inadvertently letting the hacker barbarians into the castle. A recent study shows that the ever-popular “password1” remains the go-to corporate “protection” byword. But complex or dynamic passwords challenge users to remember them, leading to users scribbling the key down on post-it notes attached to computer screens or in e-mails to themselves – neither of which is particularly secure.

Biometrics and physical security like the old token authentication remain good alternatives, but they are also alternatives that are difficult to implement, particularly on the consumer front. According to Bruce Tognazzini, a human-computer interaction expert, Apple has an opportunity to reinvent credentialing and authentication – and indeed physical mobile security – just as it has mobile phones and computing.

In what he calls one of two killer applications for the iWatch, Tognazzini said it can and should, for most of us, “eliminate passcodes and passwords altogether on iPhones, and Macs and, if Apple’s smart, PCs: As long as my watch is in range, let me in!” he wrote in his blog.

He doesn’t describe the mechanism for how the security would work, but presumably an iWatch app could connect to authenticated devices via Bluetooth or even Wi-Fi and 3G/4G, and once recognized, would open the door.

“Yes, Apple is working on adding fingerprint reading for iDevices, and that’s just wonderful, but it will still take time and trouble for the device to get an accurate read from the user,” Tognazzini said.

He also mentioned that individuals or companies that demand a higher level of security can require both the presence of the watch and a passcode, aka, two-factor authentication. “Even that could be made a lot less onerous, again optionally, if, when at work or within your own house, the security software would be allowed to lift the requirement for the separate passcode, only applying it when you are out and about,” he said.

He noted that there are some pitfalls to be avoided when developing the functionality. Apple must ensure for instance that if a user removes the watch, he or she must reestablish authenticity. “Reauthorizing would be an excellent place for biometrics,” he said. “Otherwise, we’ll have a spate of violent ‘watchjackings,’ replacing the non-violent iPhone-grabs going on today.”

Regardless, password replacement is a must, in Tognazzini’s view – which is saying something considering that he developed the original iPhone interface.

The other killer app for the iWatch is also security-related: a “find iPhone” function, which includes not just the long-distance geo-targeting available today, but also the ability to have an iPhone begin chiming if it’s lost inside the house or a purse. It would offer an automatic alert when a person walks away from the phone – in an effort to prevent leaving it sitting on a table at a restaurant, or in the back of a cab.

“[The] iWatch can and should neatly fix the two most serious problems we have with our current mobile devices, ones we may not even realize we have,” he wrote. “The two killer applications are neither sexy nor fun, but they will make our lives so much more pleasant.”

The iWatch overall will fill a gaping hole in the Apple ecosystem, he said, in which security plays a big role (witness the outrage over the recent iOS 6.1 flaw). Tognazzini muses that an iWatch will facilitate and coordinate not only the activities of all the other computers and devices we use, but a wide array of devices to come – with credentialing being a critical piece.

“If the watch did nothing but release me from having to enter my passcode/password 10 to 20 times a day, I would buy it,” Tognazzini said. “If the watch would just free me from having to enter passcodes, I would buy it even if it couldn’t tell the right time.”
