Passwords can be phished, and carrying an extra key fob security device for accessing sensitive sites can be inconvenient. So Intel is putting authentication technology into its chips that will allow websites to verify that it's your PC logging into your online account, and not an imposter or thief.
Intel Identity Protection Technology is being added to the chipsets of some Core and Core vPro processor-based PCs from HP, Lenovo, Sony and others that began shipping to consumers this winter, according to Jennifer Gilburg, marketing director for the authentication technology unit.
This is two-factor authentication, which adds an extra layer of security so that even if your password gets stolen, whoever knows your secret code can't get into your account without offering more identification or proof of account ownership. In two-factor systems, the first part of the equation is what you know — password and username. The second factor is what you have — usually a hardware token, but in this case it's a token that's embedded in the chip.
"My three brothers have had email accounts hijacked. My younger brother gets his Facebook account hijacked like once a month," she said in a recent interview with CNET. "This is a friction-less log-in that can't be hijacked or phished or compromised."
Here's how it works: when you visit a website that offers this two-factor authentication service, you will be asked if you want to use the Identity Protection Technology. If you opt in, you log in, with username and password, a unique number that is assigned to that PC, so the site will know that it is associated with your account. Thereafter, when you visit that site and type in your username and password, an algorithm running on the chipset generates a six-digit code that changes every 30 seconds from the embedded processor that is then validated by the site.
"It's seamless to the user after set-up," Gilburg said.
The website needs to be using technology that works with the Intel chip to enable this two-factor authentication. For example, VeriSign sites use Symantec's VIP (Validation and Identity Protection) Service technology on their end to communicate with Intel's chip-level technology on the customer's computer. Symantec acquired VeriSign's authentication services unit last year.
"They need to get Amazon, Google, whoever does authentication [on sites] and sells you stuff on-board," said Jack Gold, founder of tech analyst firm J Gold Associates.
The technology could also be used for activities, like downloading songs, he said, adding, "It's basically a way of protecting the user and telling the site at the other end that this really is the legitimate user."
If you want to use the authentication but you aren't at your regular computer, some websites offer an SMS option in which a code can be sent to a customer's phone.
The new Intel technology comes at a good time, with stolen passwords and hijacked accounts becoming commonplace and traditional hardware token-based systems are running into problems. Earlier this year, there was a serious hacker break in at RSA that prompted corporations, government agencies and other organisations to replace their SecurID tokens.
"The RSA breach showed the vulnerability of hardware tokens from a disaster recovery perspective," Gilburg said. "It took months to re-manufacture, re-seed [pair codes with tokens and accounts] and reship out the tokens. Here, you can revoke and re-provision in minutes."
The Intel solution is a good one for now, said Charlie Miller, principal research consultant at security firm Accuvant.
"It seems like a pretty natural migration, as many security-related things are moving from software to hardware to protect them from prying eyes," he said. "As for drawbacks, there might be a privacy issue, but it's hard to think how it would be significantly worse than tying a computer to a website via cookies and other current software mechanisms."
We can think of one major one — there are plenty of non-Intel chips out there.