Device SecurityWednesday, August 12, 2009
Before the Internet and just about the time internal corporate networks began being installed, few if any people secured their desktop computer with a password. Similarly, as notebooks began to proliferate, few people used passwords to protect the data they carried around with them. I was on advisory boards of several notebook vendors back then and they were all concerned about security and finding alternate solutions to passwords since people simply were not into using them.
Then came stories about data being stolen, email and the Internet became mainstream, and corporate IT folks began losing sleep over their data as mobile devices were being stolen or lost. New company policies were put in place to make sure mobile workers took care to use passwords on their notebooks so if they went missing, the data was at least password protected. Then came BlackBerrys, followed by smartphones. As you can imagine, as these devices became more capable, IT folks became seriously concerned because many more employees had them and they were easier to lose, leave behind, and steal. Yet in many cases, they contain the same type of corporate information as laptop computers.
There are better ways to secure information today on both laptops and smartphones, but many consumers still do not lock them, assuming that losing a device is something that happens to other people. One difference between laptops and smartphones is that smartphones can be configured by the company's IT department to go into locked mode after a certain number of minutes and to require a password for access. The devices can also be wiped clean remotely so all of the data residing in them will disappear if they are misplaced or stolen.
Today we not only need to sign onto a device to unlock it, we need to sign onto a bank site, stock trading site, and even Facebook or other social networking sites. You don't want to leave any of these open and vulnerable, so you invoke a password sequence to ensure your data stays safe and you log off when you are finished. (You do, don't you?) While all of these new security precautions and measures were being implemented, no one took the time to look at the sign-on screen that customers would be using over and over again. Most of them are really dull, drab, and lifeless. After all, they are only used to access what's in the device, so why should anyone take the time and effort to make them more functional?
Well, one of our current clients, Next Access, has done just that. It has re-written the rules for what a sign-on screen should look like, how it should behave, and what it does. It is fun and easy to use, it can be personalized, and the digits and images can be randomized for even greater security. YourKey is designed for both touch and non-touch screen devices, and Next Access has even found a way for the network operator, perhaps the handset vendor and, of course itself, to make money.
How It Works
The YourKey sign-on screen from Next Access can be made up of numbers like the screens shipped on most devices, but unlike those screens, the numbers can be jumbled each time the sign-on screen is invoked so observers won't know which numbers you selected. But that is only the beginning-you can replace the numbers with a variety of icons. For example, you could insert pictures of your kids, your dog, or your cat, logos of your favorite cars (BMW, Lexus, etc.), or your favorite drink (soft or otherwise), or choose from many more. In other words, you can personalize your sign-on screen to select a combination of numbers and/or icons to make it fun to sign on to your device, and the YourKey application can be set up to sign in anytime you need to enter a pin or other password. It does not take long to recognize that the business model for Next Access and its partners is not only the application, it is the ability to add commercial logos for use on the keypad to generate additional ad-driven revenue. Users who unlock their phones twenty times a day see the YourKey sign-in screen 7,000 times a year, which is more than the average person uses Google in a year.
I have not seen anything like this on the market to date. As I said, Next Access is a client. I like this company because it has found a unique way to generate income and provide a more secure way of gaining access to a device or data, and customers will enjoy using the application. So far, YourKey is being developed for Android, BlackBerry, iPhone, and Windows Mobile. It is also being developed for PCs, and even for ATM machines. I think YourKey will be a successful product.
But password protection is only one element in what you need to keep your devices and data secure. Threats are lurking out there everywhere: identify theft, corporate data theft, credit card and checking account information theft, and theft of your personal data. There are other measures you can take in addition to developing the habit of keeping your handheld locked. Many corporations are using encrypted data on their mobile devices and instructing their employees to stay away from Wi-Fi hotspots where you have to sign up for service in the clear. RIM, the BlackBerry company, has been a leader in mobile security. It can wipe a device including the memory card, set passwords and automatic device locking times, and much more. In fact, RIM's suite of security features and functions has become the model for the rest of the smartphone vendors.
In addition to security issues, hackers and viruses that have been rampant on desktop computers for years are now finding their way into handheld devices. By its very nature, wireless means handhelds are easy targets, and while Apple desktops have been almost 99% immune, the iPhone has become a target. Companies such as McAfee, VeriSign, and Symantec have been providing virus protection for PCs for many years and are now providing these same applications for our mobile devices.
You might say you don't have time to spend worrying about protecting your device and your data, and that nothing will happen to you. But think about this: Crooks and hackers have all the time in the world to refine their skills.
Andrew M. Seybold