I cannot begin to stress how important it is to use multifactor authentication on all of your accounts. It's absolutely critical in this world of password-hacking criminals and huge breaches.
I also can't begin to stress how much of an annoyance it is to use Google Authenticator and its ilk to type in 6-digit authentication codes all day.
In my case, I have to switch glasses because I read my phone with a different prescription than I use to see my computer screen, and when I have to switch from large screen to tiny screen (and back), there are at least two glasses swaps per login.
No wonder users whine when you make them start using a second factor of authentication. It is tedious, distracting, and unpleasant...and pretty much mandatory these days.
Let's talk about smartwatches. I'll come back to authentication in a moment. It ties together rather elegantly.
So...smartwatches. It used to really frustrate my Dad (who made his living a a New York City jeweler) that I had no desire to wear a watch. I figured there would always be a clock around somewhere and hanging something on my wrist had no appeal to me. As you can probably imagine, I'm not a fashion animal.
I still have no desire to wear a watch, which is why I don't yet own a smartwatch. My wife has a Samsung Gear Live Android smartwatch which she wears once or twice a month when she remembers it's there and feels guilty enough about buying it to lug it along on her wrist.
My primary phone is an Android device, so I haven't felt the pull of the Apple Watch's shared heartbeats (or the desire to prove myself a more-money-than-sense fashion lemming by putting down $10,000 or more for the Edition edition).
The whole smartwatch "thing" doesn't do it for me. I have no desire to get one and no inclination to wear one.
Which, oddly enough, brings me back to authentication. A few months ago, I did a CBS Interactive webcast, "Mobile devices, wearables, and the future of identity" with Jonathan Bensen of Centrify (a company that specializes in identity management software).
In the webcast, Jonathan gave a demo of a second factor authentication app running on a smartwatch. I've embedded a video of that demo below, but the key idea is that instead of typing in a code, the authentication service sends you a message, it shows up on your watch, and you just tap it to get into whatever you're trying to log into.
Here. Watch it. It's only 47 seconds long. Then I'll come back to why this kind of thing could make even me want to run out and not only buy, but wear a smartwatch.
When we did the webcast, I saw the demo and I thought it was cool and an interesting use of smartwatch technology.
But since then, I've been thinking about it more and more because I've been logging into stuff more and more, and it's been annoying as all heck. I do the glasses-swap-phone-hunt-number-peck process with Google Authenticator so often each day that it's begun to take on a level of annoyance previously only reserved for Congress critters and the DMV.
Each time I have to go through the code-typing dance, I've found myself thinking about what it would be like if all the sites I used let me use that little watch swiping thing on my wrist.
And I realized a very odd fact: I would actually go out and buy -- and wear -- a smartwatch for nothing more than that feature. Easy wrist-based authentication would be the killer app that would get me to strap a cumbersome piece of metal to my wrist and wear it all day.
Over the past few months, as the Apple Watch loomed on the horizon, we've been discussing the question of whether smartwatches are really a technology in search of a need.
We've seen gimmicks like wrist taps and shared heartbeats you can send to a loved one, but none have done anything that either a regular watch couldn't do, or anything that would transform your day and make wearing the watch (outside of the novelty factor) worthwhile.
I believe second factor authentication is that killer app. We will all need to use second factor authentication as a default access pattern within a short time or risk total penetration of our accounts. The convenience foreshadowed by Jonathan's demonstration gives an indication of what might convince watch-naysayers like myself to strap one on.
But let's take it a bit further, shall we? We're starting to see all sorts of sensors in the watch. At some point, smartwatch makers will be able to sense who is wearing their watch or, more to the point, whether the watch's owner is wearing it.
That information could also be fed into the authentication process, so not only does the authenticator validate you conveniently via "something you have" on your wrist, but also adds in a third factor of "something you are".
If I could get one watch and one app that would let me authenticate with everything I need to access (not counting the secure government systems I need to use), I would throw down the cash and strap on the watch. Heck, I'd even switch my phone from Android to iPhone if that's what it took to get this sort of solution on my wrist.
Keep an eye out over the next year or so. The company that masters the smartwatch-based authentication process -- for both businesses and individual users -- will have the killer app of the smartphone generation.