I recently had a conversation about security with Jennifer Gilburg and I felt strongly that she share the details with everyone and hence she decided to write a blog post – which is below for your reading pleasure (authored by Jen). As background, Jennifer Gilburg runs marketing for Intel Corporation’s Intel® Identity Protection technology. She has over two decades of software marketing and business development experience mostly in security. She spends her time crusading for better online security for consumers. In this guest post, she outlines how “digital tokens” are worth their weight in gold when it comes to protecting your identity online.
Until recently, when it came to exposure from online fraud, most people only worried about the protection of their online financial accounts. These accounts have been big targets for fraud, as evidenced by the thousands of phishing sites produced each month targeting financial institutions. While the threat of a compromised account can be a huge concern for the general consumer, liability in security incidents has traditionally landed on financial institutions, which are expected to protect their customers.
Today, though, responsibility is less clear. Fraudsters have found that by leveraging trust between online parties they can proliferate malware at an incredibly fast rate. As people accumulate hundreds of trusted “friends” on social networking sites, fraudsters are targeting these accounts to spread malware downloads and send spam or targeted phishing emails. Moreover, with mass storage now readily available through consumer email service providers, more people are keeping valuable private information in their inboxes (think: mortgage applications!), which can provide data to fraudsters to perform identity theft. Throw in online gaming with millions of dollars of value in virtual goods and it is easy to see why fraud is booming.
The problem is that usernames and passwords (especially weak passwords and ones reused across multiple accounts) do not provide ample protection. They are being phished, socially engineered, guessed or stolen at astonishing rates, to the point where most people have had or know someone who has had an account hijacked and used for malicious intent. What is needed is a way to more clearly tie a user’s identity to a trusted device, much as credit cards with personal photos provide an extra way to identify you when the card is presented to a retailer.
One popular way businesses do this today is to use physical, “two factor authentication” tokens. These are credit card-sized devices that combine something you know, your username and password, with something you have, a randomly generated code created in the token, that you input at a site to gain access. The tokens are used by many Fortune 500 companies to give employees, partners and vendors access to corporate network resources. The trouble with this approach is that there is a certain level of expense involved to maintain the system, and if the algorithms behind the tokens are ever compromised, it can take months to recode and replace them.
To address these challenges, Intel worked with other industry thought leaders to embed two-factor authentication in computer chip hardware, a security approach that promises to be more seamless for end users and more cost effective for organizations. This new technology is called Intel® Identity Protection Technology (IPT). Here’s how it works: Built into select 2nd generation Intel® Core™ processor-based PCs, IPT eliminates the need to memorize a code or attach a security device to your computer. When you access an Intel IPT-integrated web site you will be prompted to “register” your PC at that site. On subsequent logins, you simply enter your user name and password and behind the scenes the PC generates a unique six digit code which gets validated by the website. Intel IPT’s smart technology makes this process simpler and more secure, changing your code at regular intervals before your account can be hacked. If you’re away from your PC, the web site can also offer an alternative method for authenticating users (such as SMS one-time password codes sent to registered phones or pre-determined knowledge based questions). For the end user, this whole process is very fast, easy and frictionless.
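The post does not name the algorithm IPT uses to produce its six-digit code. As an added illustration (not Intel's or the author's code), the sketch below uses the standard time-based one-time password construction from RFC 6238 to show what "register the PC once, then validate a changing code on each login" involves on the website side, including rejection of a replayed code. The 30-second step, the `Site` class and its method names are assumptions.

```python
import hashlib
import hmac
import secrets
import struct

STEP = 30    # assumed seconds per code; the post only says "regular intervals"
DIGITS = 6   # the post says the code has six digits

def code_at(secret: bytes, counter: int) -> str:
    """RFC 4226 truncation of HMAC-SHA1 over one time-step counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class Site:
    """Hypothetical relying web site holding one secret per registered PC."""

    def __init__(self):
        self.devices = {}  # user -> [shared secret, last accepted counter]

    def register(self, user: str) -> bytes:
        secret = secrets.token_bytes(20)
        self.devices[user] = [secret, -1]
        return secret  # provisioned to the device once, at registration

    def verify(self, user: str, code: str, now: float, drift: int = 1) -> bool:
        entry = self.devices.get(user)
        if entry is None or not code.isascii():
            return False
        secret, last = entry
        current = int(now // STEP)
        # Accept a small clock drift, but never a step at or before the
        # last accepted one: a phished code cannot be replayed.
        for counter in range(current - drift, current + drift + 1):
            if counter <= last:
                continue
            if hmac.compare_digest(code_at(secret, counter), code):
                entry[1] = counter
                return True
        return False
```

The code is checked in addition to the user name and password, not instead of them; a captured code stops working once it has been used or its time window has passed.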
For a demo of the IPT experience, go HERE.
The great news is that OEMs started shipping IPT-enabled consumer desktops and laptops in June, and more than a dozen are now available, offering people and Web sites an integrated way of protecting access to online accounts. In addition, more than 1,000 Web sites now support IPT-enabled computers, and Intel is actively working with partners to expand that number.
For more information, please go to www.ipt.intel.com.