Mother’s maiden name? Favourite film star? Companies rightly take security very seriously, but why on earth do they make it so hard? Take your average online bank, retailer or social media site; they will ask you to set up a username and a password for a start. They may insist the password contains upper and lower case characters plus a number and maybe a special character such as & or $.
But – rightly again – they know that passwords alone can be guessed or copied, so they add a few extra little hurdles for you to jump before getting into your account. They may ask for mother’s maiden name, favourite film star, or name of first pet.
Which is OK up to a point. Set aside the possibility that many of those answers could be gleaned by trawling through the user’s social media accounts. The big problem is that we all access dozens of websites that all want us to give passwords and ask us different security questions. And after a while, you may not remember what your “significant place” or “favourite vegetable” was when you first signed up for that website.
So you either end up writing them down somewhere, or you use exactly the same answers for all of your accounts. Either way, it means that security is compromised – and difficult – from day one.
So here’s a suggestion. Instead of setting up all these questions, these companies could just ask for your mobile phone number when you first register.
When you next log on, you would still enter your username and password to identify yourself, and the central system would immediately generate a one-time code and text it to your mobile phone. You just take the code from your phone and key it in to authenticate yourself.
There is no way the one-time code can be guessed. It is secure because it is transmitted over an encrypted channel that is separate from the Internet. And most important of all, the user does not have to try to remember that favourite film, that significant place or that first pet’s name. Just tap and go.
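The log-on flow described above, sketched from the server side as an added example (it is not SecurEnvoy's code): the code is drawn from a cryptographic random source, stored only as a salted hash, expires, works once, and is discarded after a few wrong guesses. The `send_sms` callback, the in-memory store and the six-digit, five-minute, three-attempt values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_DIGITS = 6      # assumed code length
TTL_SECONDS = 300    # assumed validity window (five minutes)
MAX_ATTEMPTS = 3     # assumed number of guesses allowed per issued code

# username -> pending challenge; a real service would use a shared store
_pending = {}


def _digest(code, salt):
    # Only a salted hash is kept, so the store never holds the code itself.
    return hashlib.sha256(salt + code.encode()).digest()


def issue_code(username, send_sms, now=None):
    """Call only after the username/password check has succeeded."""
    now = time.time() if now is None else now
    # secrets uses the OS CSPRNG; random.randint would be predictable.
    code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
    salt = secrets.token_bytes(16)
    # Issuing a new code replaces (and so invalidates) any earlier one.
    _pending[username] = {"digest": _digest(code, salt), "salt": salt,
                          "expires": now + TTL_SECONDS, "attempts": 0}
    send_sms(username, code)  # hypothetical hook into the SMS gateway


def verify_code(username, submitted, now=None):
    """Return True only for the current, unexpired, unused code."""
    now = time.time() if now is None else now
    entry = _pending.get(username)
    if entry is None:
        return False
    if now > entry["expires"] or entry["attempts"] >= MAX_ATTEMPTS:
        del _pending[username]  # expired or guessed too often: start over
        return False
    entry["attempts"] += 1
    # Constant-time comparison avoids leaking how much of a guess matched.
    if hmac.compare_digest(_digest(submitted, entry["salt"]), entry["digest"]):
        del _pending[username]  # single use: a replayed code is rejected
        return True
    return False
```

With these assumed limits, a six-digit code gives an attacker at most three tries in a million before a new code has to be issued.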
SecurEnvoy, the future of authentication.