I say Tile? XY3? Click ‘n Dig? You say, what? Unless, that is, you are a person who employs one of these devices to keep track of your keys. Few things in life are more vexing on a recurring basis than searching for keys. House keys, car keys, Florida Keys (ok, the last one is marginally easier to find). The irritation stemming from not being able to find missing keys grows exponentially with each passing moment, generally because locating the keys is an integral part of whatever we want to do next. Obviously, this is a problem in need of a solution, and modern technology provides one, or several, as the case may be. Now, it may be the keys can return the favor, and help us with a problem driven by modern technology.
Passwords continue to offer a pathway to devastating cyber breaches. To begin, people continue to widely use passwords that are, to be charitable, overly simplistic. According to multiple sources, the most commonly used password continues to be 123456. The really security conscious, not wanting to appear lazy, go to 123456789. These clever ruses have driven password and admin down the list of most commonly used passwords, although they still are top 10.
Many organizations have addressed the issue by requiring more complicated passwords, and moving to multi-factor authentication. If you listen carefully, that sound you may hear is the rising whine of people who are complaining that those steps are imposing undue burdens on their ability to function efficiently. Looking at the problem, leading technology providers have come up with a new solution—keys.
Google has become a market leader in this area. It introduced a physical security key that employees must use to access accounts. According to Google, since its 85,000 employees began using the keys, there have been a grand total of zero successful phishing attacks on the organization. It considered the key so successful that it is now marketing its Titan key to the public.
We may be on the verge of a sweeping change in multifactor authentication. Although we will still have one little problem—where is that darned key?
By Tom Davis, SDI Cyber Risk Practice
September 26, 2018