Versatile authentication is one of the hot topics in IT - more and more vendors start to support it in some way or another. Versatile, a not that common term, means the ability to flexibly switch between different authentication methods. In practice, versatile authentication solutions shall support at least the following features:
- Flexible use of different authentication methods.
- Simple plug-in of additional authentication methods, e.g. extensibility.
- Flexible interfaces for applications OR integration with existing technologies which interface with other apps.
- Support for step-up authentication and other more advanced approaches.
The business value is easy to describe: Reusing existing strong authentication technologies for more use cases makes things cheaper. Being able to use expensive very strong authentication where required but relying on other, cheaper, and appropriate technologies in other use cases reduces costs. Logistics for reused strong authentication technology is cheaper. All use cases, including external users like customers and suppliers, can be supported.
The interesting question is about where to add versatile authentication. There is an increasing number of approaches where we observe versatile approaches:
- Specific platforms for versatile authentication: These tools frequently are provided by vendors of strong authentication technologies to enhance the flexibility of their solutions. Sometimes they are part of the context-/risk-based authentication market.
- Enterprise SSO: Given that E-SSO is a point of authentication to many applications, it makes sense to support versatility there - to allow a strong, graded authentication to different applications.
- Core OS: The primary authentication is another area. What has been common in Unix/Linux environments for a long time is well supported in Windows environments since Windows Vista as well, replacing the error-prone, inflexible GINA approach. In fact that is versatility built into the OS.
- Web Access Management: Another SSO point, counterpart to E-SSO.
- Context/Risk based authentication platforms: They usually support as well at least some degree of versatility.
Going one step further and looking at the title of this post: Yes, I think that versatile authentication is the key to mass adoption for strong authentication because it allows for reuse and flexibility. Instead of deciding on one approach, which either is sort of "overkill" for many use cases and leads to high costs or isn't secure enough for other scenarios, there can be a mix of technologies. And, beyond that, there is a much easier fallback (think about forgotten/lost tokens) and step-up (think about high-value transactions and access to very sensitive information). Customers can be integrated easier with simpler approaches like soft-tokens, using stronger technologies only in specific scenarios. And new approaches like the upcoming German nPA (national electronic ID card) might be integrated easily as just another approach for strong authentication. And especially the upcoming eID cards in many countries are a strong authentication mechanism which will be widely available.
Thus: When thinking about any investment in strong authentication, don't forget to build this on a versatile approach.
Get access to the whole body of KC PLUS research including Leadership Compass documents for only €800 a year
Register now for KuppingerCole Select and get your free 30-day access to a great selection of KuppingerCole research materials and to live trainings.
AI for the Future of your Business: Effective, Safe, Secure & Ethical Everything we admire, love, need to survive, and that brings us further in creating a better future with a human face is and will be a result of intelligence. Synthesizing and amplifying our human intelligence have therefore the potential of leading us into a new era of prosperity like we have not seen before, if we succeed keeping AI Safe, Secure and Ethical. Since the very beginning of industrialization, and even before, we have been striving at structuring our work in a way that it becomes accessible for [...]