Authenticating a user is required in many situations involving access to digital information, from logging into a device to performing financial transactions, viewing electronic documents or even when shopping on their favorite website.
Passwords have been an issue since the dawn of computing. They tend to be either so complex that no one can remember them, or so obvious that anyone can guess them.
Luckily, passwords are not the only form of authentication; many other authentication technologies are driving the future of user authentication…
Other types of authentication:
| Type | Description |
| --- | --- |
| Social Login | A form of single sign-on using existing information from a social networking service such as Facebook, Twitter or Google+ to sign into a third-party website instead of creating a new login account. |
| Shared secrets | A shared secret is a piece of data known only to the parties involved in a secure communication. This way, it’s not necessary to remember a password. |
| PIN | A personal identification number (PIN) is a numerical code used in many electronic financial transactions. Typically associated with a bank card and ATM. |
| Patterns | Involves presenting the user with a matrix of cells from which they can select a personal identification pattern. |
| QR Codes | Involves the use of a smartphone to scan a QR code on a computer screen to log in instead of typing a username and password. An encrypted mobile ID would be stored on the user’s phone, which tells the computer that they’re authorized to log in. |
| Token | A small hardware device that the user carries to authorize access, typically used in addition to a password. It can be a key fob, USB or cell phone. The additional information is normally randomly generated and only valid for a few seconds. |
| Biometrics | Any means by which a person can be uniquely identified by evaluating one or more distinguishing biological traits. These include: Facial recognition • Iris scanning • Vein patterns • Voice recognition (doesn’t require specialist equipment) • Fingerprint • Gait • Pulse – unique rhythm of the heart • Behavioral |
| Digital ID / Digital DNA | A comprehensive online digital identity that can be used to authenticate users by combining information relating to devices, anonymized identity information and behavior patterns. Digital IDs are unique data points that make up a user’s digital DNA. |
*Two-factor authentication requires a combination of two authentication methods.
Biometrics are becoming more prevalent and have proven extremely effective, but they are not foolproof yet and require specialized equipment.
Digital identities are unique as they leverage the infinite number of connections users create when they transact online.
As these authentication technologies mature, additional considerations are added to make sure they are secure. For example, “liveness detection” guards against criminals stealing your fingerprint, or cutting off your finger.
For many of the newer technologies, though, there is often a fallback to a PIN or password.
Realistically, the traditional authentication methods will be here for a while, or at least used in conjunction with newer technologies. There is, however, an important shift taking place to find new and better solutions.