Security needs a plan B

Passwords are a pain. Even when armed with a great password manager like LastPass, you may still have to manage hundreds of passwords at a time. While infrequent, there are occasions where you need a Plan B to get into your account in case something goes wrong. LastPass has an Emergency Access feature that, after a waiting period, allows a trusted third party to gain access to your account in the event that something happens to you or you lose access to your email and phone number.

There’s no question that the old username/password authentication scheme is outdated and a huge pain for users. When looking at new ways to authenticate us to our apps, there are some great ideas out there. Let’s consider Copper for a moment. They have created an easy-to-use platform that turns your mobile phone into your means of authentication. Each time you authenticate, it sends you a text message, and the site or app you are accessing asks you to punch in your one-time access code. This is a great means to validate that you are who you say you are.

But. And it’s a big But.

What happens if you suddenly need a new mobile number and no longer have access to the old one? Copper’s response:

“We don’t currently have an ability to transfer accounts. There are some thorny security issues to work through. We think about it from time to time so watch this space.”

What happens if your mobile is lost or stolen? Again, Copper’s response:

“We don’t yet have a good way to allow users to block or lock their Copper account temporarily—we know that we need to build that capability, and it’s on our roadmap as we iterate on this first version of the product.”

Rats! This is a dead end for this authentication technology, unfortunately. Without a Plan B, this authentication solution will fail to give users the recovery options they need when things don’t go according to plan.

Too bad – I really hate passwords.

Greg
