Technology, security, and context
Motorola’s latest development for its new phone, Moto X, shows how some technologies can be context sensitive: Motorola Skip is a thumb-sized clip or a sticker that allows access to its paired smartphone with a single touch, without the need to introduce a PIN or an unblock pattern. The idea is that users carry the clip around, or leave a sticker in a particular location, such as the office desk, bedside table, etc.
Traditional security features tend to use typically a combination of factors based on knowledge (a PIN, unlock pattern, password, etc.), possession (an object, token, card, etc.) or inherent (biometrics, such as an iris or fingerprint reader).
But when the incentive is sufficiently high, no technology is ever going to be completely crime-proof. That said, a combination of factors (typically a two-factor combination), makes fraud a little more difficult.
In the case of Skip, the idea is not to add an extra factor, but to make things easier by basing access on possession instead of knowledge. This doubtless raises a range of new possible vulnerabilities, but also opens up the possibility of our device behaving differently depending on whether one has one’s clip to hand, and allowing us to resort to traditional identification methods when it’s not.
Some recent systems, such as Twitter’s two-factor identification, which has prompted admiration from the experts, is a brilliant development of the approach to converting security into something simple for the user of the application. The much-rumored fingerprint reader that the next incarnation of the iPhone will supposedly incorporate points to the growing use of a combination of factors or simply replacing knowledge for some unique physical characteristic of the owner.
These ideas are particularly interesting if we think about putting them to a wider range of uses: in the same way that setting your Amazon account’s 1-click allows you to select, pay for, and send products to a pre-established address as long as you do so from the computer you used to configure the service, it isn’t hard to think of authentication systems that would work differently depending on where you are working, based for example on having some small identifying device with you when you make the purchase.
The trick here is to convert security into something that adapts to different situations. Artificial intelligence along human lines is still a long way off, but we can at least try to make the machines we use every day more sensitive to our needs.
