Long, complex passwords that must be input on tiny screens, often while on the move: Such hassles make password-based security unworkable in a mobile world. But change is coming, thanks to an industrywide backlash that gave rise to a gold rush of new technologies.
Eventually mobile security may no longer hinge on whether a password is long enough, but on how well the device knows the user.
"There's been an explosion in the past year, with new things coming out every month," says Kayvan Alikhani, director of technology at RSA, the security division of EMC.
One example: The rapid emergence of a standards organization for mobile and online security, the Fast Identity Online (FIDO) Alliance. Within a year of its founding in February 2013, the alliance had enlisted more than 100 members, including RSA, PayPal, Google, Microsoft, BlackBerry, MasterCard and Netflix.
"It's a great concept, fabulous technology, with industry heavyweights behind it," says Frank Dickson, an analyst at Frost & Sullivan. "The only drawback is that it is a very young standard."
To get a handle on which specific authentication devices to hitch to FIDO, Alikhani says RSA conducted surveys and convened focus groups to assess users' security preferences. "The big winners were the methods that were fast and did not require the user to remember anything," he says.