-
Strategies for a discontinuous future.












Tuesday, February 24, 2004
 


Sun's backing a new authentication scheme - actually, it's stronger than that:

"..."It's evident that the defensive approach that Microsoft offers is not effective," Schwartz said, pointing to viruses such as MyDoom and Sobig. "It's time for the industry to go on the offensive in the same way the mobile operators and financial institutions did at the inception of their network rollout, by strongly authenticating network citizens."

How?

"...A user would sign onto a site using his or her mobile phone number. The site's computers would then link with the mobile phone carrier's network to send the user's cell phone a message asking for the user's password. The user would type the password in on phone and then be authenticated on the computer".

Will this work? Nope. Why? The economics are all wrong. First, if you think this kind of authentication offers only marginal benefits over existing schemes. Second, it exposes the network to all kinds of massive new vulnerabilities.

More than anything, it's just a minor-league play by Sun to control the edge of the network, locking in users by leveraging their installed JavaCard base. Nice try - but you'll have to come up with a strategy that actually creates value for the market to want it (unless you're MS).

But this guy did say one insightful thing:

"..."The expense of anonymity has been borne by those who have been authenticated, and it's time we reverse that."

See, this shows us he really doesn't get the economics behind his own scheme. Anonymity is a positive as well as a negative externality - it's a benefit as well as a cost. Seeing it only in one dimension guarantees the failure of this strategy.

In other authentication news, MS and RSA are getting together, presumably to integrate RSA into Windows. Verisign is also jumping in - with a system based around a hardware token supporting the OATH standard, which it's pushing with some heavyweight backing.

-- umair // 2:37 PM //


search



new


input

due diligence
ventureblog
a vc
techblurbs
tj's weblog
venture chronicles
terranova
the big picture
gigaom
venchar
bill burnham
babak nivi
n-c thoughts
paidcontent
techdirt
slashdot
london gsb
mefi
boingboing
blort
hardwax
betalounge

ing
morgan
chicago fed
dallas fed
ny fed
imf
world bank
nouriel roubini

portfolio
contact

mail.
uhaque (dot) mba2003 (at) london (dot) edu

skype.
umair.haque

atom feed

technorati profile

blog archives