
co-founder, SecurEnvoy


Steve Watts is co-founder of SecurEnvoy. SecurEnvoy provides a solid, reliable and innovative solution for two-factor authentication that millions of users experience every day and that's easy to use, manage and deploy. As the original inventors of tokenless authentication, our goal is to continue to design innovative solutions that take advantage of users' mobile phones or other personal devices as the "something you own" part of two-factor authentication and resolve issues that have prevented their adoption, such as SMS delays, no phone signal or synchronisation problems.
April 27, 2015


How Near-Field Communication Could Sound the Password’s Death Knell

Since the dawn of the digital age we’ve signed up to the password, trusting its ability to keep our digital lives safe from those who mean us harm.

Moore’s law tells us that every two years computing power doubles – meaning every two years the amount of time it takes to crack a password using a brute force attack halves.

It’s now reached the point where a password can be cracked in minutes, sometimes in as little as just six seconds – six seconds to potentially lose your entire digital life.

In an attempt to protect ourselves many of us have turned to increasingly long and complex passwords made up of numbers, symbols and differing cases.

There are two things wrong with this. First, all it does is slow the hacker down, not stop them. Second, with no hope of ever remembering these complicated passwords, we’ve resorted to writing them down, with many of us admitting to the unsafe practice of ‘password vaulting’: storing them all in one insecure place!

The antidote

The antidote to password hacking is two-factor authentication (2FA), which incorporates something you know, such as a password or PIN, something you are, such as a fingerprint or retinal scan, and something you own, which can either be a physical token or a soft token on a device you use every day, such as a mobile phone.

The idea behind 2FA is to bring two of these separate methods together to introduce a much stronger level of security, should one of the methods become compromised.

In the past, increasing the security of user authentication has always meant additional time and complication to the end user logging in. Many organisations have therefore refrained from making it compulsory as they felt the end user experience was more important than the need for better security.

Lacking simplicity, these solutions have not been able to replace the password and because of this our information continues to be at risk.

The media is awash with headlines about yet another celebrity who has had their social media profiles or iCloud breached, with hackers stealing images and sensitive correspondence, as well as sending out embarrassing messages from their Twitter feed or Instagram.

Social media platforms and the Apple iCloud all offer two-factor authentication but many clearly choose not to initiate it, despite having a lot to lose.

There is a solution, however: Near Field Communication (NFC). The technology enables smartphones and other devices to establish radio communication with each other to wirelessly transfer data by bringing them into proximity.

NFC differs from other wireless data transfer technologies such as Bluetooth as it doesn’t require devices to be paired before use.

Mobile applications can utilise NFC to securely transfer all the information required to enable a browser to start up, connect to the required URL, and then automatically enter the user id, password and second factor passcode in one seamless logon.

This technology can be used for any back-end solution that needs to verify a user, whether it be at initial logon or at the point of verifying a transaction. Effectively, any time an application needs to positively prove the end user is who they say they are, this technology can be invoked.

This effectively removes the need for a password and creates a solution which is quicker, easier and more secure – all the ingredients needed to signal the death of the password.

Windows 10, which is set to launch this summer, incorporates NFC technology into the operating system which means a Windows smart phone can be used to interact with Windows 10 tablets, laptops and PCs.

This technology isn’t just limited to mobile phones either. Wearable technology, highly personal in nature, can also be utilised, enabling you to authenticate using your smart watch by simply tapping your wrist against the corresponding device.

NFC is already supported on most leading Android and Windows smart phones. Whilst Apple is yet to open up the NFC chips in the Apple Watch and iPhone for third-party application use, it is expected to do this in the near future, which will make NFC authentication possible for Apple devices as well.

From an end user perspective, they simply choose the account they want to activate, enter a four-digit PIN or fingerprint, and tap their phone or smart watch against the corresponding device. A PIN, a tap, and you’re in. It’s that simple.

 
