Apple, Google and Microsoft have announced that they are joining forces to support a common passwordless sign-in standard that will allow websites and apps to offer consistent, secure and easy sign-ins across devices and platforms.

The Problem With Password-Only  

Relying on password-only authentication is known to present many risks and challenges such as managing multiple passwords being cumbersome for users leading to password-sharing, data breaches, and stolen identities. Despite the added measure of two-factor authentication, the goal of tech companies in recent years has been to create sign-in technology that is more convenient and more secure and move towards a passwordless future.

FIDO Alliance & W3C Standard 

The new common passwordless sign-in standard that Apple, Google and Microsoft are joining forces to promote and introduce is an expanded standard created by the FIDO Alliance and the World Wide Web Consortium.

Two New Capabilities For Users 

Although Apple, Google and Microsoft already support FIDO Alliance standards to enable passwordless sign-in on billions of devices, previous implementations have required users to sign-in to each website or app with each device before they can use the passwordless functionality. This latest announcement, therefore, is really about how the platform implementations have now been extended to give users two new capabilities for more seamless, secure passwordless sign-ins. These new capabilities are:

1. Users can now automatically access their FIDO sign-in credentials (also known as a “passkey”) on many of their devices, even new ones, without having to re-enrol every account.

2. Users can employ the FIDO authentication on their mobile device to sign-in to an app or website on a nearby device, regardless of the OS platform or browser.

This means that, as well as being easier and more convenient, if widely supported, service providers could also offer FIDO credentials without needing passwords as an alternative sign-in or account recovery method.

Follows A Decade Of Work 

Mark Risher, Senior Director of Product Management for Google said, “For Google, it represents nearly a decade of work we’ve done alongside FIDO, as part of our continued innovation towards a passwordless future. We look forward to making FIDO-based technology available across Chrome, ChromeOS, Android and other platforms, and encourage app and website developers to adopt it, so people around the world can safely move away from the risk and hassle of passwords”. 

Talking about the standard’s contribution to the vision of a passwordless future, Alex Simons, Corporate Vice President, Identity Program Management at Microsoft said, “By working together as a community across platforms, we can at last achieve this vision and make significant progress toward eliminating passwords”.   

Andrew Shikiar, executive director and CMO of the FIDO Alliance highlighted how the standard could help service providers, saying “This new capability stands to usher in a new wave of low-friction FIDO implementations alongside the ongoing and growing utilisation of security keys — giving service providers a full range of options for deploying modern, phishing-resistant authentication”. 

What Does This Mean For Your Business? 

Finding solutions to keep one significant step ahead of cybercriminals whilst maintaining or increasing convenience for users, and avoiding the damage caused by data breaches, is an ongoing challenge for the tech companies. The passwordless future is the vision that’s starting to see some progress. 2FA has provided just enough security for now and biometrics were touted as the way ahead. Expanding the FIDO Alliance standards is the next “low-friction” step along the way and the weight of Apple, Google and Microsoft publicly getting behind it should mean that it is more widely adopted, thereby hastening the journey towards the realisation of the ‘passwordless’ vision. Cybercriminals, however, are always pushing and finding new ways to beat security systems, and with the threat of AI being used in the wrong way soon, it remains to be seen how successful the widespread use of the expanded FIDO Alliance standards will be in the near future.

The UK government has announced that it is giving statutory powers to the new Digital Markets Unit (DMU) regulator to enforce pro-competition rules and protect users from the “unfair practices” of big tech companies.

New Watchdog To Prevent Abuse of Market Power 

Following a consultation in July 2021, the government says that it is giving statutory powers to its new DMU tech watchdog, launched in non-statutory form within the Competition and Markets Authority (CMA) last year, to make sure tech companies don’t abuse their market power.

Armed with its new powers, the DMU will be able to enforce new tailored codes of conduct for how the handful of firms dominating digital markets should treat their users and other companies fairly. Sanctions for those companies who ignore the new rules could include a fine of up to 10 per cent of their global turnover.

The government says that the DMUs job will be:

– To help boost competition across digital markets by tackling the harmful effects and sources of substantial and entrenched market power.

– To protect smaller businesses from predatory practices and to protect consumers and competition by governing the relationship between users and key ‘gateway’ digital firms.

– To ensure fair prices for content in disputes between powerful platforms and content providers such as news publishers and advertisers. As part of this role, the DMU will have the power to step in to solve pricing disputes between news outlets and platforms. Also, the DMU could help ensure that app developers can sell their apps on fairer and more transparent terms.

– To make it easier for people to switch between Apple iOS and Android phone operating systems or between social media accounts without losing their data and messages. The DMU, for example, will be able to stop companies limiting consumers to pre-installed software on their devices. This could also give users more choice of which search engines they have access to, and of social media platforms as new entrants enter the market, as well as giving more control over how their data is used by companies.

– To make sure that smaller firms are alerted to any algorithm changes which affect the driving traffic and revenues.

Those With ‘Strategic Market’ Status To Report Takeovers 

The government also says that a small number of companies with substantial and entrenched market power will be designated with ‘strategic market’ status and will have to report takeovers before they complete so the CMA can conduct an initial assessment of the merger to determine whether further investigation is needed.

Should Mean Greater Choice and Lower Prices For Consumers 

Consumer Minister, Paul Scully, said that with the new powers for the DMU: “We’re ensuring our modern, digitised economy gives consumers better products, greater choice and lower prices by having companies compete for customers on a level playing field”. 

What Does This Mean For Your Business?

It would be difficult to deny that there are essentially just a handful of big gateway tech companies that are entrenched, and able to exert a lot of control over the market with their power. The move with the consultation and the threat to give the DMU statutory powers (which may not actually happen) is an attempt to try and create a more favourable competitive environment where smaller entrants have more of a chance and aren’t simply bought up before they become a threat, where end users have more choice, and where big tech firms are less able to charge higher prices because they can. This move by the UK government is also part of a wider strategy to hold big tech companies to account in many ways, including improving safety, e.g. with the Online Safety Bill. The announcement about possible powers for the DMU is also likely to be good news for publishers, advertisers and app developers. For the big tech companies, it is likely to be preferable to avoid too much more external scrutiny and regulation than they already have, so this latest announcement and its implications for profits is likely to be unwelcome news for them.

In this article, we look at how there are several risks and challenges associated with sending email attachments, how businesses can track emails, and about a new product that could allow greater visibility and control of what happens to email attachments after they’ve been sent.

What Happens When Emails With Attachments Are Sent? 

Modern email systems use the MIME standard (developed by Nathaniel Borenstein and Ned Freed) which was officially released in 1996. This allows an email message and its attachments to be sent all in one single multipart message, which uses base64 to convert binary into 7-bit ASCII text, full 8-bit support via the 8BITMIME extension. This standard means that email messages with attachments can be sent in a more utilitarian and seamless way. A message passes through several mail transfer agents along the way to the recipient with the message being stored by each one before its forwarded on.

Fears And Challenges Relating To Sending Email Attachments 

Although the sending of email attachments is a long established and effective way of sharing files, for businesses especially, there are fears and challenges associated with it, especially where commercially sensitive attachments are concerned. For example, these include:

– Sending an email attachment generally means that its complete journey and events along the way aren’t invisible (can’t be tracked or monitored) and are beyond the control of the sender, e.g. the sender can’t see who has seen it and can’t revoke access to certain unintended, unfavourable recipients.

– Unless asking for ‘read receipt’, it is not easy to know or prove who read an email (and when). Emails sent from some marketing platforms, e.g. Mailchimp, do provide some information about who has read an email sent via that platform such as the recipient’s email address and how many times the email was opened. Again, however, this email could be forwarded and the events along the way remain invisible.

– There is usually no way of knowing exactly how each recipient has interacted with an attached file.

– Attachments are often used to send malicious programs (malware) and, as a potential security risk, are often viewed with suspicion and may be filtered out by spam filters.

– Some users may choose to send attachments via other routes that may be viewed as being secure in the first place (e.g. WhatsApp), but this still means that a sensitive attachment’s route after that can’t be monitored. The attachment could still end up in the wrong hands and can’t be revoked.

Email Tracking Apps 

Using email tracking apps / software tools is one way to track what happens when emails are received and are particularly popular with email marketers. Examples of email tracking apps and tools include:

– Right Inbox (a paid-for Google Chrome extension). This tracks who reads and clicks on (Gmail) emails, how many times.

– SalesHandy (free). This provides desktop notifications for every email opened and link clicked.

– Mailtrack (Gmail extension – free and paid-for versions). This offers engagement information, a dashboard to view tracked emails, works on mobile.

However, this still leaves the challenge of what to do about tracking and controlling what happens with potentially sensitive attachments.

Sending Secure Links

Some users may choose apps that allows them to send secure file links (rather than attachments) so that link properties can be changed as needed and control of documents can be retained. This can be faster (on upload/download time), more security measures can be added, and it can enable tracking, for example, the CloudFiles secure file sharing and tracking app.

Document GPS 

A possible solution may be ShelterZoom’s Document GPS, available as an extension in Google’s Chrome web store.  Announced as being the first Gmail document tokenization tool on the market, Document GPS appears able to address many of the issues and fears around what happens to email attachments after they’ve been sent. The extension uses blockchain, the same technology behind cryptocurrencies which has been described as being like an ‘incorruptible spreadsheet’. Using this technology, the extension allows the user to monitor and control email attachments and manage their entire journey. The sender can see who downloaded the file, who opened it (via a timestamped log), and who forwarded it. Another important feature of Document GPS is that the sender can revoke a recipient’s ability to download or share the attachments at any time, even after the email has been sent. This addresses the risk of attachments falling into the wrong hands and presenting a commercial risk, e.g. a competitor downloading it.

Its makers say that the extension can make the full lifecycle of a document’s (email attachment’s)  journey secure and that they plan to release a similar tool for Microsoft Outlook users later this year.

What Does This Mean For Your Business? 

Retaining control over security in the digital world requires many different tools and technologies. As well as email being a place where many threats can arrive, e.g. phishing emails and malware, it can also be a way to create risk and threats through a lack of visibility and control over what happens to attachments. New developments such as the Document GPS extension, and the power of its underlying blockchain technology could represent a way for businesses to gain new insights and control, thereby improving security and maintaining completive advantages. Blockchain is proving to be a technology that has multiple applications in many industries where precise tracking and audit trails are needed.

In this insight, we look at where Virtual Reality (VR) is now, plus what predictions there are for its future.

Potted History 

Virtual Reality (VR) is a simulated and fully immersive experience that obscures the natural world, which is used for entertainment, education and business. The very first VR headset / head-mounted display (HMD) dates back to 1960, and General Electric produced the first computerised flight simulator in 1972. In the more modern Web era, 2014 saw Facebook buying Oculus technology for its VR technology, and the launch of Google Cardboard, PSVR and the Samsung Gear VR. Things started to take off for VR from 2016/17 onwards and, the (augmented/virtual reality) AR/VR headset market was reported to have grown by 92.1 per cent year-on-year in 2021 compared to 2020, with half of the sales in the 4th quarter of 2021. This made 2021 the first year since 2016 where this level of growth was experienced.

The prediction is that the global market size of AR and VR is forecast to smash the $30.7 billion market size of 2021 and rise to $296.9 billion by 2024 (Statista, 2021).

Examples of VR Use 

Some examples of the current and developing use of VR include:

– Entertainment, such as VR headsets being used for gaming and virtual sports, games, and competitions.

– Saving money for car manufacturers, e.g. BMW and Jaguar Land Rover, by allowing engineers to experiment with the look and build of a vehicle before commissioning expensive prototypes.

– Healthcare professionals using VR to prepare and train for operations.

– VR shopping experiences, e.g. The Metaverse Fashion Week (hosted by Decentraland on 24 March) where visitors could virtually experience fashion shows from global brands, attend virtual live music sessions at branded after parties, as well as buying and wearing digital clothing directly from catwalk avatars. Some see the future as using body-scanning technology and trying-on clothes in the virtual world to see what they’d look like before buying.

– Estate agents offering 3D VR property viewings, and architects and interior designers using 3D models of buildings/houses which can be viewed and experienced by customers wearing 3D headsets.

– Platforms like Glue, Arthur and Meeting Room enabling VR events, conferences and meetings.

– Law enforcement agencies using VR to train police in handling different situations played-out through simulated interactions with people.

– VR is also being used in online gambling environments, attractions (visiting museums and galleries virtually), fitness (VR fitness apps and headsets), education, and more.

Meta / Metaverse 

VR is already used for social activities such as exploring and creating immersive content for each other in the ‘metaverse’/VR space, e.g. Meta’s Horizon Worlds,  AltspaceVR and Horizon Worlds.

In November 2021, Facebook CEO Mark Zuckerberg made the news by announcing that Facebook was grouping its apps and technologies under the new company brand name of ‘Meta’ and that users would soon be able to experience a new, immersive VR metaverse. This had already begun with Horizon Worlds (launched via invite-only in beta in 2020) which is a free, virtual space app that has been built with the Horizon creation tools. Users (over 18 and in the US and Canada) can create their own avatar, explore, work with others, and build and play their own games and activities as well as playing Meta’s base game. The user’s legless, floating avatar can fly around the virtual world and assemble a custom digital environment from building blocks and use pre-made code snippet scripts to set the rules for the games they create.

Challenges

Although VR seems to have really started taking off in 2021, with huge growth predictions for the future, some of the challenges include:

– The relatively high cost of the hardware, software, and development.

– The need for education and training, e.g. for business use of VR.

– Dealing with possible new legal and acceptable behaviour issues with VR.

– Possible health and insurance implications of using VR, such as injuries (e.g. people walking into things whilst wearing a headset), motion sickness, accidents, and damage to property. For example, in February, Insurer Aviva revealed figures showing that accidental damage caused by VR headset-wearing gamers caused a 31 per cent jump in home contents claims in 2021.

– Ethical issues, e.g. VR immersion can be isolating, and could lead to problems readjusting to the real world.

– The need to make VR experiences better and even more immersive. For example, a team at Carnegie Mellon University have added ultrasound waves to a VR headset to give users a sensation in their mouths.

What Does This Mean For Your Business? 

The leisure and fitness use of VR received a big boost over the pandemic with people looking for entertainment and novel ways of exercising while at home. VR, however, has been proving its worth for businesses for several years now, e.g. in the automotive industry, architecture and design, virtual tours and virtual meetings. For many businesses, VR solutions that are targeted to fix a specific business problem and are affordable and don’t require too much training to use them would make them more attractive. Predictions for the growth of VR and AR are very promising, and although there are challenges, this is very much a growth area that is still in its early stages. Facebook/Meta’s announcing its ‘metaverse’ has also gone some way to bringing the idea of VR and immersive digital experiences and their possibilities into the wider public consciousness. VR experiences and business tools are, therefore, likely to be ways to boost business strengths and develop opportunities going forward.

The Financial Conduct Authority (FCA) has warned that there has been an 86 percent rise (July to Dec 2021 compared to the previous year) of a screen-sharing scam. The FCA reports that the scam involves people posing as investment advisers and offering to help their targets to set up new schemes via online meeting platforms. Once the victim is convinced to share the screen and enable remote access, the bogus adviser takes control of their device and their bank account and can steal their investment information.

With so many of us depending on our smartphones for many aspects of our business and personal life, and with electricity prices rising, here are some ways to reduce battery consumption and save electricity:

– Use Dark Mode (for OLED screens).

– Stick with 4G rather than 5G.

– Reduce your screen refresh rate (via Settings).

– Opt for static rather than live/moving wallpapers.

– Avoid using always-on display.

– Don’t overcharge the phone i.e., unplug it as soon as it reaches 100 per cent.