IT Security Guru

When was the last time someone built a security protocol that made it easy to use?

by The Gurus
October 13, 2020
in This Week's Gurus

Since the FIDO Alliance launched 18 months ago, its achievements have not been boasted about too much, while it has quietly gone about its business attracting participating partners.

While the likes of PayPal’s security manager were there at the start, it has since attracted the likes of Alibaba and Winfrasoft, and the industry has talked more and more about passwords and better authentication.

Research by Intercede of 2,000 UK consumers found that 60 per cent only used passwords they could ‘remember’, while 30 per cent admitted to knowing a friend, relative, partner or work colleague’s passwords.

FIDO Alliance board member Phil Dunkelberger admitted that, rather than taking 18 months to produce any visible solutions, the project has been in operation for two and a half years “with a bunch of guys talking ad hoc about how to improve security and how to build a standard like SSL”. He explained that this is at the centre of the alliance: what would commerce be like if there was no SSL?

“So if you said ‘what are the goals Phil?’ I would say that the first is to rebuild authentication and deploy it at the internet scale, this isn’t build a widget that you stick in the enterprise or put it as an app in the app store, that is good technology but it is rudimentary compared to building something for the ecosystem,” he said.

“The first to come out of the box was Samsung. All players came together for a solution that says ‘hey I’ve given the ability to millions of users and websites to be able to swipe your finger and buy with PayPal directly’ (or via an embedded website) and enable it overnight, so that is a pretty big thing. We built it to scale.”

Dunkelberger said that the concept is about giving the power back to the people, as we have dissolved the perimeter and a lot of the countermeasures, and stolen usernames and passwords remain the number one way for breaches to start.

“People said ‘we have got to get a method that scales, that prevents scalable attacks without building Big Data stores in the back end with people’s credentials’,” he said. “Let’s stop man-in-the-middle attacks because without a public and private key, you cannot do anything with the data and let’s stop phishing. Yet all these things fried, but then there is an even bigger idea, let’s make it easier to use. When was the last time someone built a security protocol that made it easy to use?”

Jamie Cowper, marketing director at FIDO Alliance member Nok Nok Labs, said that devices do exist, whether it is a token or an embedded biometric, and are there to be used for a website or application.

Dunkelberger said that it is about making a slope, rather than a step, function, and it doesn’t need entire industry adoption, but it is a protocol that all can adopt and that can make IoT adoption work. “Let’s make authentication work now as it is one of the core pillars of computing,” he said.

“Are people’s details going to continue to be abused? Industry has got to do something to fix it and got to address the cost, security, privacy and usability problems and that is what FIDO was designed to do.”

I asked Dunkelberger for his thoughts on criticism of the FIDO Alliance’s failure to deliver a product in the 18 months of its public work. Cowper said that you need to look at the evolution of standards bodies, saying he didn’t know of anyone who had seen anything go from zero to 150 members in less than two years and be on the verge of bringing out version one of its protocol. “In that world of standards development, that is extraordinary,” he said.

Dunkelberger referred to his old project of PGP, and open GPG in the public domain, saying it took a “ridiculous number of years to get it ratified” as technical working groups from around the world met to ask “how do we make this more universally available?”

He said: “The deal is more about people in that it is not a bad thing, but people do not know how standards evolve. How do you get people in a room and agree on things, and they are agree?

“Look at the building blocks of people and people ask ‘how do we make this line up securely, and support a protocol that helps us all do a better job?’ When I got on board, people said I am trying to make PGP again. PGP changed the world, no argument on that as it brought encryption to the masses and it is historically significant, but step by step, it is about building blocks and doing it the right way.

“I was asked if I was satisfied and I am an impatient person, but when I showed the standards I have been on my whole career, you can see how this is moving.”

Cowper admitted that those working with standards do not want to do things quickly; they want to do it right and that is the right instinct.

Dunkelberger made the point that someone is trying to do something about it, to make authentication easier to use with better security underneath and everything stored locally, and all privacy conventions say that is the right thing to do.

“A lot of things we set out to do: get the membership up, get the industry players, get the people to agree on a spec is all coming from everyone who lives in that world,” he said.

Phil Dunkelberger, FIDO Alliance board member, was talking to Dan Raywood
