Authentication of Tomorrow

By   Information Security Buzz Editorial Staff
Chief Editor , Information Security Buzz | May 22, 2016 06:00 pm PST

Merging worlds

The merging of the organic and digital worlds is undoubtedly gathering pace. As humans, we ourselves are now huge consumers of technology, which has led to patience being a virtue for very few. However, this patience is being tested on a daily basis. Just one example is the login process we have all become accustomed to. The average amount of characters that a staffer needs to tap in prior to gaining access to the business applications they want is often as many as 30, especially in worse case scenarios where they are forced to use an email address as a login which can bring the count to more than 40.

Not only can legacy authentication methods such as the above – which rely squarely on login and password entry – be circumvented by the login information being stolen and using it to impersonate the user, but the time they are taking is causing frustration for the user. So, what can forward thinking, agile businesses do to keep up with this paradigm shift in expectations and keep their staff happy, whilst their systems secure?

Bionic humans

One of the areas we are seeing increasingly is biometric authentication. Until recently, most mainstream examples of biometric recognition as an authentication method have been based on fingerprint, palm, iris, facial or voice recognition. However, biometrics is now being taken a step further, with some financial institutions trialling using a person’s walking gait to identify them and offer them relevant services as they walk into the branch.

The organic and? digital worlds have been further ineradicably linked since the launch of the Apple Watch, which turns itself off when you remove it from your wrist due to it not being able to read your heartbeat. There has also been several trials recently with NFC enabled chips being implanted under the skin so that a simple swipe of the hand can be used for anything from contactless payments to checking into an airport lounge[1].

Going for gold

In the consumer realm and buoyed by the success of the likes of Apple Pay, contactless payments have become increasingly popular. In fact, research from the UK Cards Association suggests that consumers are now making over 60 contactless transactions a second[2]. To help facilitate this trend, all of the 4,000 point of sale (POS) terminals at the upcoming Rio Olympics have been made contactless-enabled; letting fans wipe, tap, dip or click to pay at all of the venues and fan parks[3].

Businesses are now looking to leverage this contactless payment user experience into the business realm through the use of technology such as near field communication (NFC). The next logical progression is surely to use the action familiar now to many of touching one device with another device (think of your tablet or laptop) to qualify and pay for your shopping order instantly.

Enterprise grade security

The bring your own device (BYOD) trend of recent years has become indelibly implanted into the modern office environment. Because of this, it is important that businesses are not only able to protect the various end points but enable them to become a productive part of the technological ecosystem. Businesses want to be able to say to their staff that they can choose what device they want to use confident in the knowledge it won’t compromise security.

However, because of the propensity for staff to change their device of choice every couple of years, it is important that lifecycle management is built into any security strategy (i.e. the easy set up and deletion of files and apps).

2FA in the future

Surely, it is now time to give staff the Apple Pay experience in the business realm, giving staff enterprise authentication via two factor authentication (2FA). 2FA requires not only a password and username but an additional component which could be something that the user knows, something that the user possesses or something that is inseparable from the user. It is now incredibly popular and has become the system favoured by seven of the ten largest social networking sites[4] (including Facebook, Twitter and LinkedIn) as their authentication method of choice.

Amazon has recently taken the ‘something that is inseparable from the user’ component of 2FA a step further and has filed a patent to use photos or videos of a user’s face as a way to approve their online purchases, meaning the Seattle-based e-commerce giant could soon let you purchase products by taking a selfie.

The authentication of tomorrow

Whatever the additional component may be, the delivery mechanism for the authentication of tomorrow is almost certainly going to be the mobile device found in all our pockets. Now, with 2FA technology such as ours, push notifications that pop up on your phone (like we are all used to with social media apps such as Facebook) and then push authentication back (i.e. automatically send back the authentication code) are being used. Further, even if you are offline, the system will know that after a few seconds of not receiving the request from the device, it will need to text a six digit code that the user can type in to the login screen of the app to prove they are who you say they are.

With 2FA combined with NFC connectivity, authentication can be reduced down to just a couple of taps, not the thirty or more required by legacy authentication methods disliked by employees. Easing user frustration whilst boosting security credentials.



[su_box title=”About Steve Watts” style=”noise” box_color=”#336588″][short_info id=’60453′ desc=”true” all=”false”][/su_box]