Two-Factor Authentication: There Has To Be a Better Way

Twitter did it. And before them, so did Google, Yahoo, Microsoft, Facebook and Dropbox, among many others. And now, LinkedIn has done it too.

The social network for career-minded professionals announced recently that it has added an optional two-step verification feature. The idea is to secure user accounts against the threat of hacking. Typically, these include an added layer of authentication (via codes sent to keys or cell phones) to the typical username/password procedure.

Sadly, even this is no guaranteed safeguard against unauthorized access. Twitter hacks certainly haven’t stopped since the microblogging service launched two-factor authentication last week. Not only was ITV’s account breached, but just this morning, news hit the Web about the White House Press Corps account being hijacked as well.

To be fair, it’s not clear whether the new protocol was enabled in these cases. But that’s the point. Security always comes down to human behavior. And let’s face it — a lot of people don’t want to add irritation to their login process by adopting multi-step authentication. Unfortunately, that’s our best bet right now to lock down those precious accounts. So some users are skipping the feature, while others are sucking it up and flipping the switch.

The question is, now in the 21st century, is this really the best we can do?

Of course not, says one bold tech company. At AllThingsD’s D11 conference, Regina Dugan, Motorola’s head of advanced technology, made a few head-turning remarks about a decidedly biometric approach to authentication. This has nothing to do with those tired old retina scans and fingerprints, mind you. (That’s good, because egads — who would want to imagine the horrifying hacks required to steal logins?) No, Dugan thinks the future of authentication rests in two rather way-out-there concepts: tattoos and electronic pills.

That’s right. These are exactly what they sound like.

The tattoos are more like temporary, stretchy electronic stickers — biostamps, if you will — and they’re made by MC10, a firm known for creating similar products for the healthcare market so nurses can monitor vital signs. But they can also be used for logins, says Dugan. They’re flexible and, unlike phones and keys, they can’t be lost. They’re always on hand (er, skin).

Then there’s the pill, or “authentication vitamin.” This actually involves swallowing a tiny gadget that can uniquely identify you. Worried about ingesting a micro-battery? Don’t. You are actually the power source here. The vitamin literally gets juice from your stomach acids, so the embedded chip can generate an 18-bit authentication key. This is no bizarro concept either. Word has it, the technology has already been approved by the FDA.

Well, at least no one could accuse these approaches of being old-fashioned. And they would indeed mitigate the hassle of fussing with phones, keys, fobs and other doohickeys, just to check your LinkedIn feed from a different device.

Speaking of which, here’s more on the social network’s new protocol.

Without a vitamin or tattoo to depend on, LinkedIn has gone with SMS for second-level security. When users log in from an unknown device, the feature will additionally text a security code that enables access. To learn how to set this up, follow along with the slideshare presentation embedded below.

What do you think about the state of authentication? Do you have any brilliant ideas that can heighten security without increasing user frustration? Or do you like the biometric solutions Motorola has in mind?