It’s been over a year since the FIDO Alliance -- a group that includes Google, Microsoft and PayPal -- released its specifications meant to reduce the reliance of consumers and businesses on passwords. The idea (one that I can’t disagree with) is that our current system of passwords isn’t just not secure enough, but doesn’t work for the majority of businesses and consumers. Many of whom rely on a small set of not-very-imaginative passwords.
The proposed solution? A two-factor system which first determines that the user is, in fact, the person who should have access, and then that the user is indeed there in person and using the dongle (or device) that is providing access.
Erik Perotti, senior manager of new ventures for Plantronics, showed me a prototype of a headset called (not, he admitted, very imaginatively) the Wearable Concept 2 or WC2. The idea behind the headset (besides working as a headset, of course), is that it would operate as an authenticating device for people wanted access to a site or a technology. The first step, as Perotti demonstrated it, would be simply to speak your name (or some other keyword) using the headset; voice recognition would identify the speaker. The second step, local device authentication, would happen as the headset is challenged by the other device or the site; once the headset is determined to be physically present, access is then authorized.
He also demonstrated how the headset could work with an improved version of Google’s Smart Lock; using secure encryption/decryption algorithms, it would automatically unlock your Android device when you put on the headset and relock the device when you take the headset off.
Yes, this all sounds a bit involved, and the process isn’t quite as quick as typing “Password” into a form, but it’s got to be a lot more secure. The WC2 isn’t a reality yet; but as the concept is refined, a password-less tech culture may be part of our future.