You are your smartphone

26.10.2015
Yahoo last week unveiled a novel concept: Access to your Yahoo Mail account without a password.

What is a password, anyway

If you think about it, a password is a way to authenticate a person. You create a chunk of random knowledge that only you know. Later, to prove you're you, you demonstrate mastery of that knowledge. Only you would know to type "corndog658" when prompted, so obviously you're authorized for access.

It's a great way to authenticate, at least until someone steals or guesses your password.

Yahoo's system, which it calls Account Key, works like this: Install the Account Key mobile app (the system works only with the smartphone app), log in with your username and password. Tap the profile icon and choose Settings. Tap Account Key and enable it. (This is the moment at which password authentication becomes phone device authentication.)

From that point on, you can simply access your Yahoo email from your phone without a password. According to Yahoo, when you try to check your Yahoo Mail from any device or desktop computer, you'll get a notification on your smartphone asking you to confirm that you are actually you.

What this means is that, as far as Yahoo is concerned, "you" aren't someone who can demonstrate a chunk of arbitrary knowledge. "You" are anyone with physical access to your smartphone. You ARE your smartphone, as far as Yahoo is concerned. Stated another way, the authenticated human is whichever person has access to the authenticated smartphone.

Welcome to the new identity. An increasing number of services don't care about your password, your signature or even your mailing address. If you've got the authenticated phone, you're you.

Before cellphones, you could never really call a person directly. You called a place and hoped the person would be there. You dialed a building or location, then asked whoever answered: "Is Bob there"

Now you just call Bob. You don't care where Bob is. You just call the phone, and because you expect Bob to have possession of said phone, you can call a person. The phone is Bob.

A similar change is happening to the act of sending packages. Right now, you don't send a package to a person, but to a place. You ship to a home or office, and expect the person to be there at some point to receive the package.

A startup called Shyp last week completely changed how packages are shipped. Instead of shipping to a place, you ship to a person -- no matter where the person is.

Right now, shipping a package to an address involves writing the exact address on the package. Sure, you put the name on the package. But the shipping company or post office doesn't care about that. They deliver to the number, street name, ZIP code and other place-specific information.

Like all great on-demand services, Shyp makes things work better with an app. When you sign up for the app, you create a unique username. When someone ships a package to you, they address it to that username, not the address of a building.

You can track the package in the app. If you decide you're going to be somewhere else when it's scheduled to arrive, you can change the destination well after it's been shipped. The package will go wherever you are, not to whichever building's address is written on the label.

Shyp is also cool because of Uberfication. When you want to send a shipment, you snap a picture of the item to be shipped, and within 20 minutes someone shows up at your house to take it away. Shyp will do all work, they professionally package it at their warehouse and they’ll find the lowest shipping rate among carriers. This is possible because you are defined at your smartphone.

Right now, Shyp is limited to people sending from San Francisco, New York, Los Angeles, Miami and Chicago.

Another example of this trend is Instagram's new looping video app called Boomerang, announced last week.

The app lets you take very short videos, which are then sped up and looped forward to back seamlessly (they play for one second, then reverse and play backwards for a second, then forward again, etc.). Once you've created your video, you can post it to Instagram, Facebook, Twitter or some other social network.

Boomerang has no log-in process. It assumes that you're already logged in to the social networks you'll post to.

In other words, Boomerang defines "you" as anyone who has access to your phone.

The typical way to rent a car involves going to a car rental office, standing in line, then presenting your credit card and driver's license. That last document proves you're you. It's got a photo, a signature and a few personal details. If the rental car employee is convinced by it, you're good to go. A $30,000 object will be handed over to you.

The new way to rent cars, currently being tested in San Francisco, centers around the phone. Audi, for example, is testing a car rental service called Audi On Demand. You arrange for the rental on your smartphone. An Audi employee delivers the car, then leaves. To drive the car, you just walk out and use the Audi On Demand app on your smartphone to unlock and start the car. Your smartphone has control of the car, and as long as you’re in possession of your phone, it’s all good.

Another rental system, also being tested in San Francisco, takes smartphone authentication even further. A startup called Scoot, which specializes in electric scooter rentals, has a few four-wheel mini cars called Scoot Quads. You locate one to rent by using either the company's website or the Scoot app to learn where previous users have parked them. When you get to the Scoot Quad, you use your phone to start it and then you plug your phone into the vehicle and it acts as the dashboard.

Of course, this a temporary state of affairs. Systems won't be using phones to authenticate users for long. Fingerprint authentication is quickly becoming standard on smartphones, and it's only a matter of time before anything you do will require a finger scan. That will provide, for lack of a better term, two-factor authentication whereby you'll need both possession of a specific phone and possession of the correct finger. Currently, finger scanning is an optional way to gain access to a device; it's not required for use of most apps.

For now, however, the trend is to treat your smartphone as a proxy for you. Your identity is established by access to your phone. You are your smartphone.

(www.computerworld.com)

Mike Elgan