We need clearer thinking about privacy and security

A very thoughtful article!  Like you, I'm doubtful about mobile solutions.  Remote Chip Authentication leveraging the security embedded within the EMV infrastructure looks like the best long term solution.

Nice little article Steve.

I have no doubt that everyone will follow the mobile path. I remember my first discussion years ago with Chris Skinner, who initially thought little of the potential of a mobile solution, probably because I was too far ahead of the pack, but he didn't take long to understand that if the security was right and it was easy enough of a process for customers, then it would be the end game. It is.

We were looking at offering internet banking without logons and passwords, and we may still, however we have realised that our customers will not even need to do internet banking at all - ever. Not in the sense that the banks are currently doing it.

We have some really fun surprises in store. Mobile ID is the foundation for the neatest little trustworthy natural language personal assistant you ever met, independent of your level of technology, ie any phone or device.

Retail Banking such as it stands is obsolete, history. Done and dusted.

As a process think of the Veyron passing the Austin...we're in the Enterprise watching from above. Done and dusted.

Dear Steve, I fully agree with you that we must discuss how to handle our personal (traffic) data (credentials, etc)  on- and offline. It isnt that easy any more since we have invented the internet. We also made a thinking mistake by believing that online business must not work the same as offline business. People do not understand how the internet works itself. They dont have a glue of it. But when you discuss with them how they would see a value chain in the web, they will always take the offline one as the model. Leaving ones traces in the net is the same as leaving traces on a muddy street. But in the web we have to remind that life on- and offline is mixed togehter. - thats the difference!

The most important issue in a world where you cannot see your visàvis and most contacts or business are made between man and machines is to use strong authentication (the funny thing is that in german language there are several terms for this: authentication, authentification). 
And what kind of authentication is used in the web? It is mainly (99%) the password/username method - this is the reason for more than 70% of misuse, fraud, identity theft, phishing, botnet attacks etc. nowerdays.
Why?  Its very simple.
What do you think a criminal is looking for ? He looks for data that he can use for criminal acts.
So, compare it to offline life. What would such a criminal do, when he wants enter your house?
He will start an observation/investigation  to find out more about your habits....
And what do we all know about passwords? they have to be at least 13digits long, they have to be build of meaningless letters, numbers and &/_§ signs, must never be used twice , must be changed every month, etc. etc. And what do we all do in reality? We all use one and the same password for different webaccounts; be it a bank or be it a facebook account. Once a password is typed in by keyboard it is´nt any more ones own secret. This is just terrific. You know that the expenses for security solutions of banks is propably higher than of a social network site or another website. So our criminal just needs to observe/get our password (s) It rather be singular because we all use the same for everything (there are many studies on this). The rest is just done with google....and then continued by phishing, man in the middle, hacking, etc. Its very easy.
So what could be the consequences?
- Get rid of the PASSWORD authentication method
- EU, US, etc. countries should issue a decree that every website having a login MUST offer at least TWO different authentication methods
- EU, US etc. regulatories should enlighten the weakness of password methods.

What are the alternatives?
Currently there are about 3,6 Billion people using the web. There are about 280 million active websites. There are about 28 Million websites that have a login. Akamai counts about 50 Million visitors /minute on observed sites.... I guess that there are many (password) logins/minute....
So a solution should primerly be knowledge based for this amount of users. It also should be free for use and no additional hard or software should be installed..... Just have a look at WebLookon.com  and you will get another point of view...... Have fun

Nice site Heinrich but the the concept has some difficult issues to overcome.

Not to worry - no log-on, no password for any site including internet banking will get rid of all the hoohaa and make it a lot harder for the bad guys won't it? Coming soon.

You tell it ! Of course it is not that easy to convince this mass of people  to leave their passwords and from now on use pictures and symbols instead.
Many people we deal with just say they will never be able to remember a secret based on pictures and symbols. But when I tell them that we all recognize and remember pictures from the beginning of our life, then they got it - they try it - and they like it (Writting comes later!)
We have many issues to overcome - it true. But with this service we bring in a lot more functions, utilities etc. to both - the user and to the content provider being our customer. The user can check his login statistics worldwide (time, date, ip, domain, failed logins, pos. logins, etc) Today we can never know where and who is misusing our login data. With WLO you know it and it will stand up in court. WLO will develop to a single Sign-on portal that will in addition offer pre-paid and charge card functionalities and ATM solutions just by using/providing the WLO authentication service to banks, etc. The moment a user is authentified, he can go right to his dashboard where he can adjust, enable and disable a lot  of other functionalities. Content Providers can not only be 99,9 % sure that it really is the customer logging into the site. CPs can reduce their password and identityManagement costs as well as insurances premiums (online business).
But the smashing thing is that no one needs to install anything- neither the user nor the content provider. Implementation takes 10 minutes........best regards

Stephen,

A good piece, and I agree with your conclusion that we wouldn't need a second channel if we could make the main channel tamper resistant (and unable to be actively intercepted or passivley monitored). Not sure how on earth one proposes to do that in a workable manner, though!! So I think we're stuck with multiple channels as the way forward, as everything else ends up boiling down to single factor 'what I can intercept' and pass on.

Lots of work underway on securing mobile data transfer at the moment, in particular because of the advent of mainstream mobile payments and the subsequent interest to organised crime.

I must admit I do like Heinrich's WebLookOn, and think it could catch on. Not as a security solution, mind you, as it fails for the same reason as all the other OTP generating systems, but as a new super-fiendish Su Doku. Too many of the grid based systems coming through at the moment are far too easy to find the known secret and just aren't fun to crack. As the site says 'have fun' and I'll confess I did  - it took over an hour to find the secret given three data sets (though if you wish to play at home you'll have to get a friend to set it up, else you'll know the images you're after), but I've got bored of all the Su Doku Ken Kens in the newspapers, so this was a breath of fresh air (though, if I'm splitting hairs, from the initial 'select the picture of a reptile' I'd point out that a frog is actually an amphibian).

A single channel can be made secure by digitally signing (asymmetric cryptography) each transaction, using a private key in a tamper resistant store, invoked from a host machine hardened against Man In The Browser attack.  The key store is easy -- use a smartcard and connected reader, or equivalent (e.g. WPKI enabled mobile device)  Hardening against MITB is a bit harder but there are plenty of obfuscations that make life hard for the attacker, and the Trusted Platform may be gaining traction which ought to thwart all forms of malware. 

So I suggest we should put our collective energies into elegant, robust, long term architectures, and not awkward multi-channel compromises.