Ahem. I’m here to clear up that awful myth that Tricerion strong mutual authentication is less secure than those irritating tokens. So here it is folks, the cold, hard facts.

Malware and trojans are all about stealing passwords. They steal them by capturing typed in passwords and login names. With Safe Login, passwords are never typed in – they’re entered on an on-screen keyboard using the mouse to select either alphanumeric characters or pictures that make up a password. To malware, it’s like grasping at air – there’s nothing for them to catch.

What makes Safe Login even more special is that it anticipates and protects against something that has never happened. See, virtually every (secure) login everywhere is protected by 128-bit encryption. No one has figured out how to crack it, but that doesn’t mean hackers aren’t trying. And if someone did crack it, the world would be their oyster. They’d have all logins and passwords in open text, able to hack just about anything, anywhere. Tricerion has this really elegant, intuitive system that separates data streams, so that if SSL 128-bit encryption were ever cracked, anyone using Tricerion’s system would be protected.

We read stories about phishing and data breaches and we get worried. Some of us start thinking that maybe we’re better off (security-wise) with paper-based banking. Sending checks, receiving statements in the mail, paying bills the old fashioned way – manually with a checkbook and a stamp. But as Jean Chatzky said this morning on NBC’s Today Show, online banking is actually safer than paper-based for a few reasons.

1. People who use online banking check their account 4 times more often than those who use paper-based banking. That means if someone does fraudulently steal your identity or your banking information, you’ll find out about it more quickly and remedy the problem earlier, translating to potentially fewer losses.
2. Banks’ online systems are more secure than your mailbox and trash bin. Sure, they may not be 100% impervious to attack, but they’re much harder to hack into than your mailbox at the curb or the trash can full of sensitive information (even if it is shredded).
3. You can’t ‘wash’ an online transaction. Check washing still occurs today – where someone takes a legitimate check you signed, washes the original amount and payee information but retains your signature. They’re then free to put their own name and any amount they choose. Online transactions aren’t washable – they go where they’re meant to go, when they’re meant to go.

Basically what it boils down to is, choose a secure password that you can remember without writing it down. Keep your information to yourself, and don’t fall prey to scams inviting you “click here” to verify your information. You bank doesn’t need you to verify your information, and if they do they can find a more secure way to contact you than sending an email or putting a button on your Facebook page.

The debate on usability vs. security somehow always leans towards usability as the obvious choice (we all like “simple”).  Yet every day, all around us we are faced with the very same dilemma:

• Airport security. Yes, I want to just show my ticket at the counter and go straight to the airplane door … no frisking, please.  Unfortunately, not all people are getting on the plane just to travel from A to B.  Some of them try to carry explosives on board.  Our concern for safety will allow for more stringent access control to the planes.

• Government. The Bolshevik revolution started with the social ideal of universal equality.  The Communists believed that every man is inherently good, if he was only given the right tools and opportunities.  Give everyone an equal amount of food, money, clothes, housing, work, and paradise will descend upon us.  Of course, the masses should be defenseless because the State will protect them.  Being different or more gifted than others is also uncool, because you just make the others look bad (remember – universal equality).  If you had to live through that atrocious Communist experiment, would you rather have a meager, but stable and predictable existence where most of your basic needs are met, or would you chose total freedom and personal responsibility for your own success (and failures).  It is incredible, but usability (so to say) wins here too.  People want it easy when it comes to government – basic needs trump individual freedoms.  In a recent poll, 60% of Russians still regret the break up of the Soviet Union.

• Online Privacy. There’s been a major paradigm shift in how our society views personal issues.  We now easily discuss very private events and feelings with hundreds of our Twitter and Facebook followers.  Our trust in online privacy created a new (false) sense of security in believing that we still control the information. How much inconvenience would you bear (in terms of access security) to make sure that your social networking accounts are never compromised and misused?  My LinkedIn account is connected to many people I respect and appreciate.  The last thing I want is for someone to hijack my credentials and discredit my reputation or my network.

-       Zack Whittaker asks “How would you fix it?” (the password clutter vs. security issue).

I’d like to suggest that G.K. Chesterton’s response to the famous question “What is wrong with the world?” applies in this case.  Chesterton’s response was written in a form of a letter to “The Times” which initially posted the question:

Dear Sirs,
I am.
Sincerely yours,
G. K. Chesterton

What is wrong with the username and password?  I am.  The user is.  As long as the user has the ability to share authentication credentials, he is vulnerable to social engineering (phishing) attacks.  We assume (much like the Communists did) that the user is generally smart and responsible . . . we just need to build higher walls for the enterprise technology or web services (firewalls, etc.).  I agree that the usability has to remain high, and mutual authentication, specifically graphic passwords, is one of the few security approaches that increases access security, while targeting the weakest link – password shareability.  When using graphic passwords, the user has no ability to easily share his password by typing it, disclosing it on fake websites, sending it by email or even writing it down on a piece of paper.

Our use of technology in everyday life has changed how we live now, 45 years after the first mainframe computers were built.  Yet, we continue to use a 1960s access control mechanism.   Passwords have evolved into the 21^st century and it’s time to benefit from it.