New Intel chip technology designed to foil hackers
Intel Tuesday announced a chip technology that the company said was designed to foil hackers who use fake emails to trick employees into revealing their usernames and passwords.
It could also give future corporate IT managers the option of eliminating long, ever-changing passwords and replacing them with short personal identification numbers, or fingerprints and other identifiers.
Intel Authenticate will be added to the company's line of sixth-generation processors and tested by some businesses before entering production, said Tom Garrison, an Intel vice president.
Intel will make Authenticate part of all the processors that it sells for enterprise PCs. The authentication system uses hardware-based "multifactor authentication"-more than one method of identifying a user-to keep hackers out, even if they obtain passwords.
Putting the authentication process on a chip makes the PC itself part of the security system, the company said.
Phishing - tricking people into revealing of passwords with phony emails -is a rising problem. Garrison said an estimated 117,000 corporate cyberattacks occur every day that involve phishing for a username and password.
Intel's new business processors will verify an employee's identity with a personal identification number, proximity of the employee's mobile phone or badge, biometrics like a fingerprint, and location of the building the employee is in.
IT managers can decide which factors to embed in the chip, Garrison said. "IT has full control."
"One of the biggest keys to this is there is a secure element inside the Intel processor that manages all of this," said industry analyst Patrick Moorhead of Moor Insights & Strategy. "That wasn't available before. A lot of different pieces had to come together.
"Hardware is a lot harder to get into," he said. Someone armed with a password would be blocked by additional layers of security tucked away in the computer's processor, he said.
"lf you look at where attacks come, typically somebody gets you to give them your password with a fake email or text that says 'hey, log in' to a pirate website," he said.
"Now, you wouldn't have a single password. You would stick in your thumb, or look at the PC, have your phone near you, and be opening the PC where they know you work, and not somewhere in Lithuania," Moorhead said.
©2016 San Jose Mercury News (San Jose, Calif.)
Distributed by Tribune Content Agency, LLC.