APIcon 2014: Using APIs to Move Beyond the Simple Password

In an age when end users and developers alike are more conscious of IT security than ever, it’s little wonder that more attention is going to finding authentication methods more robust than the simple password.

Because most people have trouble remembering their passwords, they tend to keep them simple enough for determined hackers to guess. In addition, increasingly sophisticated security attacks are making it a lot easier for criminals and other digital miscreants to steal those passwords whenever they like.

At the APIcon 2014 conference this week, SecureKey made the case for a more sophisticated approach to managing security based on the use of dynamic authentication and identity to manage end user credentials.

Based on a cloud service, briidge.net Connect provides developers with access to a trusted identity network they can use to multiauthenticate users via a few simple API calls, says Michael Varley, enterprise architect for SecureKey. The SecureKey service uses a QuickCode multidevice PIN to authenticate the user without ever generating the same token twice.

Varley says this approach also simplifies the management of security because a single QuickCode can be used across all devices. At the hackathon taking place at APIcon this week, SecureKey is encouraging developers to create secure applications using the briidge.net Connect service and an SDK that supports Android, iOS, and Windows and uses a proprietary protocol to communicate with SecureKey servers in the cloud.

The service then challenges end users to provide their credentials, which Varley notes has the added benefit of pushing the liability for losing control of the cryptography onto the end users rather than the developer.

From a financial perspective, Varley says there is no benefit for developers to manage credentials and authentication. While that function is critical to the ultimate success of an application, Varley says that spending engineering time managing identities cuts into the profitability of the application development endeavor. As such, from a developer perspective, Varley notes there is no return on investment when it comes to identity management that can be provided in a much more robust manner by relying on a service.

At the end of the day, SecureKey has created a federated identity management service that removes much of the onus for security from the developer and puts it on a cloud service, where it more naturally belongs.

Michael Vizard