So the multi-factor authentication process is more secure, but why is that important? Now, for some sites a compromised username/password may have little if any consequences, say for content that is free, but the site wants to collect subscriber information for marketing purposes. However, that is not the case for many sites, where the consequences of a security breach for both individuals and organizations could be quite severe. For example, individuals may have on file credit card information that could be used for nefarious purposes, such as unauthorized purchases; businesses could suffer loss or exposure of confidential information, such as personally identifiable information for which the consequences could be severe economic and/or legal penalties.
Answering some questions about WWPass and where it plays may help explain the company and its solutions:
1-What are the chances of WWPass being successful? Every crystal ball is cloudy and so all predictions involve uncertainty. However, WWPass could very well succeed; their key is getting the large domino (i.e., well-known Websites) service providers to buy in.
2-Will this achieve the dream of a single sign-on? The answer is probably no. If you have innumerable requirements to use username/password authentication, many smaller players who do not see any significant consequences from a compromised username/password may not have any compelling reason to take the extra step. However, if the sites that you visit most frequently and/or have the greatest sensitivity to potential breaches, your convenience may have improved only somewhat, but your peace of mind a great deal.
3-Will my authentication information be safe with WWPass? WWPass acts as an intermediary and uses a sophisticated process called dispersed secure storage to ensure anonymity (your interactions are completely private), integrity (secure authentication process), robustness (encrypted user data is distributed in such a way to multiple sites that the failure of any one site cannot bring the system down), and safety (data is fragmented before distribution, so a breach of any WWPass would yield only an unusable data fragment).
4-What security problems does WWPass solve and what doesn’t it solve? WWPass is not all things to all men. It focuses on a key information and access management (IAM) issue, namely individual authentication, to be able to access and use applications and data, but it does not, and should not be expected to deal with all the rubric of security issues from misuse by authorized employees to compromised hardware. Other products deal with those facets of security.
Mesabi Musings: User authentication is only one of a large number of security issues that continue to challenge and plague enterprises today. However, it is one facet of security with which we are all intimately familiar. Unfortunately, the use of the what-we-know factor of authentication as the single factor is known to create a lot of exposure risk. Using a second factor of authentication — the something we have — in the form of a token, such as the WWPass PassKey, greatly reduces the exposure risk.
WWPass brings the convenience and security to user authentication that have been long been associated with the ATM two-factor authentication process, which requires both an ATM card and a PIN. WWPass hopes to bring ubiquitous (the preponderance of application and data service providers offer WWPass capabilities) and frictionless (almost unnoticeable to use) user authentication to replace the username/password paradigm. If they are successful, our lives will be a little easier and safer in our electronic transactions.
At the time of publication, WWPass is not a client of David Hill and the Mesabi Group.David Hill is principal of Mesabi Group LLC, which focuses on helping organizations make complex IT infrastructure decisions simpler and easier to understand. He is the author of the book "Data Protection: Governance, Risk Management, and Compliance." View Full Bio