The past few years have seen an ever-increasing avalanche of high-profile and high-impact data breaches.
There are, of course, myriad ways for bad players to access someone's account nefariously, but one of the more popular is via a stolen password -- how the password came to be stolen is somewhat irrelevant, since once it falls into the wrong hands, access is absolute.
Which is why there is a move towards alternative or additional methods of authentication. In particular, two-factor authentication (2FA) has gained much attention in recent times. But while 2FA is effective, it is also, to be honest, a bit of a pain for users. Anything that increases the stress of users trying to log into services creates another barrier to increased security.
Which is where biometrics come in. Biometric identification can provide a quick, secure and painless way to prove identity. There have been many different ways that biometrics have been used over the years -- indeed my mobile phone has a fingerprint scanner which is surprisingly accurate and avoids me having to type passwords interminably on a screen.
Another biometric approach, and one being introduced by LogMeOnce today, is PhotoLogin -- a feature which, as the name suggests, enables users to log into any website simply by using a photo. This is actually one of four different secure login options offered by the single sign-on (SSO) and authentication company.
LogMeOnce has actually secured a patent for its PhotoLogin technology -- and the approach they take is interesting. Users have three steps to log in:
- Click the PhotoLogin icon on the LogMeOnce desktop home screen to snap a picture of themselves, or of anything near them that identifies their current location to them.
- The photo is instantly sent to the user's mobile device, where they verify or reject the image. They then perform a Tinder-like swipe left or right for data such as IP address, GPS location and timestamp, which tell them when and where the picture was taken.
- Once they have clicked “Allow” on their mobile device, they are free to start browsing on a desktop.
Each photo expires in 60 seconds and self-destructs after the very first use, so a user's photo “password” is unique every single time. Unlike facial recognition products, LogMeOnce’s PhotoLogin captures the entire scene of a photo, and it doesn’t require a user to blink or wink. For those users scared or worried about taking a picture of themselves, they can also take a photo of any object nearby. According to the company, LogMeOnce’s use of a photo’s background and scene information adds to the dynamics of image accuracy, distinction and secure multi-factor authentication (MFA).
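The properties described above (60-second expiry, single use, approval on a second device after reviewing IP, GPS and timestamp) can be modelled as a one-time challenge store. This Python example is added here for illustration and is not LogMeOnce's code, whose implementation the article does not describe; the class, function and field names are hypothetical, and binding the approval to a hash of the photo is an assumption.

```python
import hashlib
import hmac
import secrets

PHOTO_TTL_SECONDS = 60  # lifetime of each photo, as stated in the article


def photo_digest(photo_bytes):
    """SHA-256 of the image; binds an approval to one exact photo (assumption)."""
    return hashlib.sha256(photo_bytes).hexdigest()


class PhotoChallengeStore:
    """Hypothetical server-side store of pending photo logins."""

    def __init__(self):
        self._pending = {}  # challenge_id -> record

    def submit_photo(self, user, photo_bytes, ip, gps, now):
        """Desktop step: register the photo and the context shown on the phone."""
        challenge_id = secrets.token_urlsafe(16)
        self._pending[challenge_id] = {
            "user": user,
            "digest": photo_digest(photo_bytes),
            "context": {"ip": ip, "gps": gps, "taken_at": now},
            "expires_at": now + PHOTO_TTL_SECONDS,
        }
        return challenge_id

    def context_for_review(self, challenge_id):
        """Mobile step: IP, GPS and timestamp the user inspects before deciding."""
        record = self._pending.get(challenge_id)
        return dict(record["context"]) if record else None

    def decide(self, challenge_id, user, digest, allow, now):
        """Mobile step: consume the challenge; True only for a valid "Allow"."""
        # pop() deletes the record on the first decision, so a replay finds nothing.
        record = self._pending.pop(challenge_id, None)
        if record is None:
            return False  # unknown, or already used once
        if now > record["expires_at"]:
            return False  # older than 60 seconds
        if record["user"] != user:
            return False  # approval came from a different account
        if not hmac.compare_digest(record["digest"], digest):
            return False  # phone saw a different image than the desktop sent
        return bool(allow)
```

Because the record is deleted on the first decision, whether that decision is an allow or a reject, a captured challenge identifier cannot be replayed even inside the 60-second window.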
There is no debate that single passwords pose security risks for organizations. But even other methods of secondary protection are not infallible:
“Traditional passwords are risky, typically weak and are more susceptible to be hacked or duplicated,” says Kevin Shahbazi, CEO of LogMeOnce. “Even protecting passwords with a second factor of authentication doesn’t make you invincible to hacks. By default, PhotoLogin adds a third-factor of authentication and lets users authenticate themselves to ensure that login information cannot be duplicated, making this feature one of the strongest layers of defense against hackers.”
The real question here is whether this approach is too different to gain widespread adoption. Even standard 2FA has been relatively slow in getting picked up as users struggle with the idea of "two passwords." The fact that this solution comes from a smaller vendor is another barrier to widespread adoption.
This is another example of smart technology that may struggle to gain a foothold in the marketplace. LogMeOnce is doing all they can to resolve that issue: the update is free and is available as a browser extension for Chrome, Firefox and Safari on Windows and Mac, as well as on iOS and Android platforms. Time will tell whether that is sufficient or not.