Everybody had a minor freak out this week when we heard that LastPass was exploited and invaded by unknown parties. You’re all familiar with the story, so I’ll spare you a full rehash: according to the team they “found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed”.
What they did turn up, however, was that LastPass email addresses, password reminders, server per-user salts, and authentication hashes were compromised. In other words, it’s not good. Now, the team at LastPass has continually reassured everybody that nothing horrible can come of this situation, but I don’t think that’s the important thing to focus on here.
Rather, I think it’s about time we asked a question that some have been probing for a while now: why are we still using passwords? LastPass was built to be the end-all be-all of password solutions, but I think it makes more sense to look at it as the final phase of a technological evolution pressing into a new era. That is, I think we're entering a world where passwords will be as irrelevant as beepers.
After the LastPass fiasco I was contacted by Usher, a company that was built specifically to help enterprises replace traditional forms of identity security like IDs, tokens, badges, and passwords. Mark Gambill, CMO, thinks that Usher is paving the way towards a new future by bringing mobile identity badges to smartphones.
“It’s amazing how hackers – for lack of a better word – have developed an ability to work their way around things that use passwords,” says Gambill. “From our CEO down we believe passwords are antiquated and a thing of the past. That’s why we feel Usher is a better alternative.”
Usher itself is part of parent company MicroStrategy and helps it fulfill its mission to provide the most flexible, powerful, scalable, and user-friendly analytics and identity management platforms. Usher was designed around multi-factor authentication.
When you bring the app up on your phone, there's an ID and barcode associated with your account, but the information changes every 60 seconds. It's a fluid, constantly evolving passcode that, even if hacked, would be rendered entirely void a minute later.
“Nobody can figure it out or hack it along the way,” says Gambill. “Sure, we never can predict the future, but we think this gives added layers of security that simple passwords just can’t touch.”
Security is topical, and we read about breaches every day. What a lot of people don’t realize is that better ways to do things exist right now. Understandably, the Usher development team is excited about the future of the industry, and their biggest immediate goal is to tell their story to as many people as possible. Personally, I’m excited for a day when these kinds of solutions are available to the general public, but for now it's absolutely a step in the right direction.