Passwords can be phishing attacks, and carrying an extra device security key fob to access sensitive sites can be a drawback. So Intel is putting the authentication technology in its chips that allow Web sites to verify that your PC is accessing your online account and not an impostor or a thief.
Identity Protection Intel chipsets is added to some Core and Core vPro processor-based PC from HP, Lenovo, Sony and others, which started shipping to consumers this summer, according to Jennifer Gilburg, director of marketing Unit authentication technology.
This is the two-factor authentication, which adds an additional layer of security so that even if your password is stolen who knows your secret code can not get into your account, without giving further identification or proof of account ownership. Systems on two factors, the first part of the equation is what you know – password and username. The second factor is what you have – usually a hardware token, but in this case it is a tab that is built into the chip.
“My three brothers have been hijacked email accounts. My younger brother gets kidnapped his Facebook account about once a month,” he said in a recent interview with CNET. “This lower friction SA record which can not be seized or phishing or endangered.”
That’s how it works. When you visit a Web site that offers this service for two-factor authentication that asks if you want to use identity protection technology. If you agree, login with username and password of a unique number assigned to the PC so the site is known to be associated with your account. Thereafter, when you visit that site and enter your user name and password of an algorithm running on the chipset generates a six digit code that changes every 30 seconds from the embedded processor which is then validated by the site.
“It’s perfect for the user after installation,” said Gilburg.
The Web site must be using technology that works with the Intel chip to enable two-factor authentication. For example, sites using VeriSign VIP Symantec (Validation and identity protection) technology at its end service to communicate with the Intel chip technology at the customer’s computer. Symantec has VeriSign.
Some sites will deploy the service over the coming months and to be used JAVACODE based software, according to Gilburg. He could not say how many sites are now offering support for authentication, but according to a list on the Intel site including eBay and PayPal.
“They have to Amazon, Google, which makes authentication (in places) and you sell stuff” on board, said Jack Gold, founder of technology, analyst J. Gold Associates firm.
The technology could also be used for activities such as downloading songs, he said, adding “It’s basically a way to protect the user and tell the site at the other end of this actually is the legitimate user.”
If you want to use authentication, but are not your regular computer, some websites offer a choice of SMS in a code that can be sent to your client.
Intel‘s new technology comes at a good time, with passwords stolen and hijacked accounts are becoming common and traditional at a hardware token-based systems are running into trouble. Earlier this year, a serious hacker RSA robbery that led to some companies, government agencies and other organizations to replace their SecurID tokens.
“The failure demonstrated the vulnerability of RSA hardware tokens from a disaster recovery perspective,” said Gilburg. “It took months for remanufacturing, reseeding (codes par with chips and beads) and resubmit the records. This provision may be revoked and in a matter of minutes.”
Intel‘s solution is a good idea, for now, said Charlie Miller, principal research consultant Accuvant security company.
“It seems very natural migration, like many things related to security are moving from software to hardware to protect from prying eyes,” he said. “As for the disadvantages, there may be a privacy issue, but it’s hard to think how much worse would be to tie up a computer to a website through cookies and other mechanisms of current software.”