Client App Nirvana
Something I don’t appreciate enough is how straightforward it is to install and maintain an app on my phone. Here are the standard steps:
1) Go to the appropriate “store”
2) Easily search for a name or functional description
3) Check out the reviews and rankings
4) Download it by clicking a button
5) Prior to install, a list of permissions the app requires is displayed (easing any innate paranoia)
6) After install, I can choose to have it upgrade automatically or be notified when upgrades are available
App stores are relatively new, so they have learned from the decades of pain and misery associated with Windows software installation. Rather than an overly complex API and event model that has to deal with both privilege escalation (to ensure the modifications occur as an appropriate identity) and the very real possibility of “DLL hell,” the stores standardized on a much more central, loosely structured model. It also helps that backwards compatibility requirements aren’t degrading things to a lowest common denominator or mode of operation.
Why can’t client-side software on a desktop behave this way? Why can’t we deal with thick clients as just another “app?” In an ideal world, software on a Windows PC would install and behave like a phone app. Windows introduced “gadgets” back in Vista and those have sputtered to a quick end with the advent of the Metro interface in Windows 8.
The ability to install third party software on workstations is perhaps the single biggest reason PCs rose to their current level of prominence. There will always be shortcomings with the built-in capabilities of a workstation, so being able to install software to address specific issues extends its shelf life and usefulness. As an example, PortalGuard’s PassiveKey feature is a two-factor implementation that securely utilizes a user’s workstation as a physical 2nd factor in place of a phone or hardware-based token. This requires software on the workstation and has been available as an MSI package for years. That lets a company easily push it out to machines under its control, but it does not work as well for individual, on-demand installs.
This is the reason why we are currently in the process of creating a PassiveKey one-click installer optimized for installation directly from a web browser. Using the more modern app stores as our model, we expect this to make PassiveKey’s uniquely usable form of secure 2FA more accessible to more people.