In the seemingly unending search for the next generation of devices and methods to replace passwords as authentication mechanisms, the various x-Based Access Control models (Rules, Roles, Attributes, Context, etc.), which one pundit or another had projected to be the “killer app” for secure access, may be getting a run for their money from wearable, biometrics-based, token-issuing devices. Join us to find out what’s new and what we recommend for today’s connected agile business.
In this discussion we will all work together to re-invent authentication.
Why? Because the industry has been adding more and more layers of complexity to the authentication process and, rather than making our environments more secure, it is having the opposite effect.
Utopia is an authentication process that is simple, memorable and secure, but the existing methods of identification used by the majority of organisations all lack at least one of these vital components.
So, with this in mind, what should be the basis of our brave new world? Passwords offer a simple way to authenticate, but with so many it is impossible to remember them all. So we use the same password for multiple resources and rarely, if ever, change them, thus compromising their security. What is more, whilst password security is relatively low-cost to implement, the cost of managing password resets can be expensive, with one financial services business reporting an annual cost of £331,200.
What about hard-tokens? After all, millions of pounds have been invested in them by vendors and end-users over the years, and the mighty Google has recently been touting the future of the universal hard-token. Yes, these deliver a higher standard of security than a PIN or password, but they are cost-prohibitive for the majority of organisations and they are far from simple, especially for the user who will inevitably need to log on when they don’t have the device to hand.
The fundamental problem with the vast majority of authentication methods being used today is that they ask you to keep a secret, but each time you want to log on you need to give it away, which means it is no longer a secret! What is more, the company stores these secrets, and if they are lost or stolen, as in the recent Adobe incident, the repercussions can be lasting and severe.
So, if we are going to re-invent authentication here today, we are going to need to use our brains, and I mean literally. We need to look at authentication with fresh eyes. How can we use the latest advances in pattern and image recognition, for example, to ensure that a secret remains a secret during the authentication process?