Alpha-numeric passwords have been with us almost since the dawn of the computing age. But our guest this week, Phil Dunkelberger the CEO of Nok Nok Labs, says they’ve overstayed their welcome, and that the next few years may see them disappear altogether. We talk about what will replace them and how.
The birth of the computer password is generally traced back to the Massachusetts Institute of Technology (MIT) in the mid 1960s, when the university developed the Compatible Time Sharing System (CTSS) for managing access to a shared computer cluster at the university.
Half a century later, the password has long since outlived its usefulness. It’s imminent demise has been just around the corner for years – decades – now. So long, in fact, that our guest on this week’s podcast, Phil Dunkelberger, says he has stopped prognosticating.
Still, events have conspired to accelerate the shift away from passwords. Chief among them: a string of mega data breaches stretching back years. The sum of those can be found in online forums with names like Collection 1: huge agglomerations of stolen credentials that can be used for so-called credential stuffing attacks against popular online services or a range of other targets. (Check out Podcast Episode #130 with Troy Hunt, where we talk about Collection 1.)
NOK NOK Labs is a pioneer in driving the adoption of password-less next generation authentication that includes biometric, token or wearable-based authentication of devices and users. The company’s technology works on mobile, PC & IoT platforms, delivering strong, multi-factor authentication.
Phil has a long history in the authentication and data security space. He served for 8 years as co-founder and CEO of PGP Corporation until it was acquired by Symantec in 2010. Phil served as Entrepreneur-in-Residence at Doll Capital Management (DCM), served as President and CEO of Embark, and COO of Vantive Corporation. He has held senior management positions with Symantec, Apple Computer and Xerox Corporation.
To start out, I asked Phil about the movement towards password-less security including FIDO, or Fast Identity Online, a protocol that NOK NOK helped develop and launch. Phil says that we stand on the cusp of major changes. Among them: the W3C will require FIDO support for all W3C certified browsers. Phil says that FIDO support will help to move users away from passwords and toward more secure login methods like biometrics of various sorts, smart phones and USB tokens. Paypal already uses FIDO, as does the Alibaba AliPay system.