I know I am me...

john.brookmyre — Thu, 29 Jan 2009 21:35:00 GMT

Moving into the multiple factor authentication World (crypto calculators, tags etc) it looks like we may all have a lot of these different devices to authenticate our selves, here are my ramblings on the subject...

Does anyone else have a bank account which uses crypto calculators, tags or mobile phone codes to validate a transaction? Two factor authentication is fast becoming the norm in the fight to reduce fraud, which cannot be argued against, but what about me as a user? How many times have you needed to do an online transaction and realised that you have left your calculator at work for the weekend or you can only find the one for you other account(s)... Or you are at home trying to check your work emails only to find that you have left your tag somewhere else? These scenarios happen to me quite a lot and I have two tags and two crypto calculators... If we look at the natural progression with fraudsters getting better and more and more information been stored on us, it wouldn't be a massive leap of faith to imagine that we are going to get a lot of these calculators and tags - perhaps Tesco, Amazon and EBay will start to require this level of authentication and maybe this will balloon to all web-sites which require any form of authentication... Live Mesh / Cloud too - this may sound a little far fetched, but look at the explosion of store cards for similarities where some people have upwards of 10 cards. This could also be used for the authentication for cloud computing too which will need some stringent security to gain widespread adoption.

I was impressed recently when I could use my Google Account to access other sites using OpenID and equally impressed when I was able to use Map My Run with my Facebook credentials. From Wikipedia:

OpenID is an open, decentralized user identification standard, allowing users to log onto many services with the same digital identity.

Can we have a consolidation?Is it possible for the banks (maybe not a time where they are looking to invest, but they could take a fee to sign web-sites up) or Google, OpenID, MS Passport, et al to use this concept to come together to offer users the single tag or device to provide the two factor sign on mechanism? There would surely be a lot of benefits to this approach in the fight against crime too, having one confederated repository for the use of authentication would enable analytical techniques to clearly spot potential fraud patterns or none normal behaviours which could be visualised in any number of ways or have advanced algorithms to highlight risks.

Social network visualisation techniques could be used to show the interactions of users / access points / accounts over time or a tool like Net Reveal from Detica could be used to power the investigation.

This could be enriched by including other facets to fight the fraud, why can't banks be on Facebook, Twitter (and other social tools which have widespread adoption) keeping an eye on my status so it knows where I am or where I am planning to go or share the data which the Government has (owning chunks of the banks may offer some positives) on us or the data which my phone provider has on my location? On these issues the question of big brother, risk of data loss and where to stop always comes into play - but I would happily allow my bank to follow my Twitter, Facebook status and movements to purely ensure the safety of my hard earned. Would you?

As always, any comments and thoughts would be really welcome. Thanks to everyone who has linked to me so far and left comments - much appreciated! Especially Pete Hanlon and Chris Webb.

John

Technorati Tags: Business Intelligence,Data Visualisation,Data Visualization,Cloud,Analytics,OpenID,Confederated Data,Statistics,John Brookmyre,Conchango,EMC Consulting,security,multiple factor authentication

John Brookmyre's Blog : Multiple factor authentication

I know I am me...