February 3, 2020

Unbreakable Authentication

“Unbreakable” claims have been pervasive since the dawn of advertising. Claiming that something is unbreakable is the ultimate testament to longevity and value, and it is therefore especially desirable to anyone making an investment that has a bearing on security. However, “unbreakable” has for the most part been completely elusive. Is 2020 the decade where we may finally see an unbreakable authentication solution that can ensure only “you” can be “authenticated as you” and no one else?

Digital Identity Authentication Primer

Since the dawn of computing, a program wouldn’t let a user in until they successfully passed the challenge of

LOGIN: ????

PASSWORD: ********

It wasn’t until 1997 that the first two-factor authentication patent was granted to Kim Schmitz (the notorious Kim Dotcom). From there, according to Wikipedia, there are now 7 types of multi-factor authentication techniques available:

  • Knowledge factors: using something you know like your login and password as well as the answers to specific questions like the name of your first pet
  • Possession factors: using something only you have such as a card key
  • Disconnected tokens: using some type of built-in screen to generate something manually typed in like a captcha
  • Connected tokens: using a physical device that needs to be connected to the resource to gain entry like with USB keys, wireless tags or smart cards
  • Software tokens: using a certificate loaded onto the device and stored securely
  • Inherent factors: using biometric factors like fingerprint, voice, retinal or face scan
  • Location-based factors: using your physical location based on GPS coordinates

The net result is the drag it takes to gain access to anything digital today. More factors of authentication may equate to more security, but they also equate to a lot of time wasted remembering and passing through those levels, not to mention the help desk costs for resetting those that are forgotten.

You can also check out what we have discussed on the evolution of identity authentication before understanding how things will evolve in 2020 and beyond.

Digital Identity For The New Decade

With a new decade comes a slew of new predictions and dreams of what can or at least should be for the future of identity and access management. The Journal Of Cyber Policy offers these 8 predictions for identity and access management in 2020:

  1. IAM is the new perimeter, and it is harder than you think: With everything now in the cloud having identity and relationships, approaches and strategies from the datacenter world don’t transfer, and companies need to rapidly invest in the process and in supporting tools (including automation) to stay ahead in this complex landscape. The repercussions of poor IAM governance are substantial and sometimes unpredictable.

  2. 2020 will be the beginning of the end of passwords: Gartner estimates that 60% of large and global enterprises, as well as 90% of midsize organizations, will leverage passwordless methods in over 50% of use cases by 2022.

  3. Unified, third-party identity providers become the gold standard to streamline and secure the user experience: the U.S. will balance the need for security with the importance of a seamless user experience. The U.K. Postal Service currently uses Digidentity as a method for consumers to quickly and securely obtain access to postal services, and it would not be surprising to see similar concepts take off in the US.

  4. By assigning identities to connected things to secure and manage them, they will become first-class citizens in 2020: device providers will cease to prioritize connectivity over security in their projects. In fact, security will be integrated at an earlier phase of the development cycle, and devices will have identities assigned to them from square one in order to effectively and efficiently secure and manage IoT security incidents.

  5. Blurred Lines: Corporate and Personal Identity Will Converge: with the rise of bring your own device (BYOD) culture in the workplace and the access to personal accounts, corporate and personal identities have started to become one and the same.

  6. Digital identity solutions will help financial service organizations and banks meet a variety of regulatory demands in 2020 while also maintaining strong customer relationships: Regulations like KYC (know your customer) and AML (anti-money laundering) have created necessary but sometimes lengthy processes for banking and financial service organizations, resulting in a compromised customer experience (the customer onboarding process takes an average of 26 days to complete).

  7. Identity validation will be a major challenge across the entire security sector: In 2019 we saw enterprises and security vendors increasingly wake up to the importance of identity and access management (IAM) as an integral component of enterprise security, and for good reason. But granting access is just one slice of the cybersecurity “identity crisis.” Every person, phone, computer, and IoT device has an identity that must be authenticated in order to establish trusted communication.

  8. DMARC adoption will grow across industries: Expect continued increase in Domain-based Message Authentication, Reporting and Conformance (DMARC) adoption. DMARC is a vendor-neutral authentication protocol that allows email domain owners to protect their domain from spoofing, and the number of domains using it has grown 5x in the last 3 years.

The bottom line is that 2020 will bring about long-needed changes in IAM, the best of which may be the rise of unbreakable authentication.

Unbreakable Authentication

Unbreakable or immutable authentication sounds like a unicorn, but in fact it is achievable today. New continuous behavioral authentication solutions ensure proper authentication before, during and after authorization, and they don’t rely on passwords or on the drag of multiple interactions (MFA) with things remembered, held or inferred. Privately and securely tracking behavior ensures you are you when digitally authenticating. While this may sound invasive, it is no different from how your credit card companies protect you against fraud.

Acceptto’s eGuardian engine continuously creates and monitors user behavior profiles based on the user’s interaction with the It’sMe authenticator. Every time an activity occurs, actionable intelligence is gathered and used to optimize the user profile. eGuardian is capable of autonomously and continually learning new policies and adapting existing ones. While policies can still be manually defined and contribute to the computation, our Biobehavioral AIML approach automatically finds the optimal policy for each transaction. eGuardian leverages a mixture of AI & ML, expert systems and SMEs to classify, detect, and model behavior, and to assign real-time risk scores that continuously validate your identity prior to, during and post-authentication.

Download the Enterprise Management Associates’ Ten Priorities For Identity Management in 2019 today, and then check out what Acceptto can do to ensure your employees, partners and customers can authenticate without passwords and still ensure security and privacy by registering for a free demo today.
