Please find below a comment from Andy Cory, Identity Management Services lead at KCOM, as part of our security experts comment series on the latest cyber security news.
Andy Cory, Identity Management Services lead at KCOM:
“There has always been a conflict between security and convenience. Consumers are increasingly irritated by intrusive authentication measures, including obscure security questions and complicated passwords. They want their lives to be made constantly easier, so are happiest using apps and services that are both simple and fast to log into. However, they may fail to understand that the smoothest logins are compromising security for the sake of that convenience. All too often this ends in disaster, as we have seen with Timehop this week.
“It is time we found a balance between these tricky demands. The future of secure authentication is certainly multi-factor, but it should also aim for low friction. To improve customer experience without reducing security, authentication strategies should be both integrated and simple.
“An example of this would be an ‘adaptive’ authentication mechanism that reviews a combination of factors such as geographic location, source IP address, device fingerprint as well as a password before allowing the user access. Most of this information can be obtained from the device being used, while the consumer only has to provide their password. This gives multi-factor authentication where the user is only aware of one factor.
“If an authentication platform determines that the person trying to log in using your username and password is doing so from the device you usually use and from the location from which you usually log in, that gives a good indication that it’s really you. This means the platform doesn’t feel the need to ask you to provide the middle name of your favourite cricket player, or the colour of the first pair of socks you ever bought, before trusting that you are indeed you.”
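A minimal sketch of the adaptive check described in the comment above, added here as an illustration; it is not code from KCOM or from the commenter. The class names, weights, threshold and sample values are all assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Profile:
    """What the platform has learned about one user's normal logins (hypothetical model)."""
    devices: set = field(default_factory=set)     # device fingerprints seen before
    countries: set = field(default_factory=set)   # country codes from IP geolocation
    networks: list = field(default_factory=list)  # source networks seen before

@dataclass
class Attempt:
    password_ok: bool
    device: str
    country: str
    ip: str

# Illustrative weights and threshold (assumptions, not taken from any product).
WEIGHTS = {"device": 50, "country": 30, "network": 20}
STEP_UP_AT = 50

def risk_signals(attempt, profile):
    """Return the contextual factors that do NOT match the user's history."""
    addr = ipaddress.ip_address(attempt.ip)
    signals = []
    if attempt.device not in profile.devices:
        signals.append("device")
    if attempt.country not in profile.countries:
        signals.append("country")
    if not any(addr in net for net in profile.networks):
        signals.append("network")
    return signals

def decide(attempt, profile):
    """The password is always required; context only decides whether to add a challenge."""
    if not attempt.password_ok:
        return "deny", []
    signals = risk_signals(attempt, profile)
    score = sum(WEIGHTS[s] for s in signals)
    return ("step_up" if score >= STEP_UP_AT else "allow"), signals

# Constructed sample data (documentation address ranges, made-up fingerprints).
PROFILE = Profile({"fp-laptop-01"}, {"GB"}, [ipaddress.ip_network("198.51.100.0/24")])
USUAL = Attempt(True, "fp-laptop-01", "GB", "198.51.100.23")
ROAMING = Attempt(True, "fp-laptop-01", "GB", "203.0.113.9")  # known device, new network
STOLEN = Attempt(True, "fp-unknown-77", "US", "203.0.113.9")  # right password, wrong context
WRONG_PW = Attempt(False, "fp-laptop-01", "GB", "198.51.100.23")

if __name__ == "__main__":
    for name, a in [("usual", USUAL), ("roaming", ROAMING), ("stolen", STOLEN), ("wrong_pw", WRONG_PW)]:
        print(name, decide(a, PROFILE))
```

A correct password from an unfamiliar device, country and network yields `step_up` rather than `allow`, which is the case where a stolen credential alone would otherwise succeed.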
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.