Kalles/Group Articles
Fingerprint on digital screen, 3d render

Password 2.0 – The future of identity verification

In this day and age, we are all too familiar with having to associate passwords with our computers, applications, email, online banks, etc. Identity fraud remains a serious concern for both individuals and businesses. Our identities are verified almost exclusively by one of two methods—things that you carry with you, such as a driver’s license or passport, and things you remember, such as passwords and PINs. Unfortunately, physical identification is easy to fake, and passwords are easily hacked, thereby compromising security to our credit cards, bank accounts, and personal data.

Significant adoption to the Internet of Things (IoT) is making securing identities more important than ever. According to the BI (Business Insider) Intelligence Survey conducted in the last quarter of 2014, 39% of the respondents said that security is the biggest concern in adopting Internet of Things technology. (We Asked Executives About The Internet Of Things And Their Answers Reveal That Security Remains A Huge Concern).

So, what does the future hold for identity verification?

Multi-factor authentication

Multi-factor authentication has gained popularity as an added layer of security, and the market is expected to grow to $1.6 billion by the end of 2015. Some U.S. regulators have started requiring multi-factor authentication in large institutions as the frequency of cyber-attacks continues to increase. This requirement could potentially result in a loss of corporate productivity if traditional methods, like manual entry of authentication tokens received via SMS, are used.

There is an increasing number of security companies devoted to specializing in managing passwords and private information. For a list of the best The Best Password Managers for 2015, see The Best Password Managers for 2015.

One such company, Keeper, has created Keeper DNA Authentication, a revolutionary identity verification platform that uses wearable devices, connected objects and IoT devices to confirm a user’s identity for accessing their Keeper Vault.

According to Keeper, “users create a profile that defines who they are based on a combination of biometric factors and devices that they own and have previously authenticated with. It can be thought of similar to the DNA in the human body; a unique “strand” of molecules (in this case, devices and physical factors) that identify a person. With Keeper DNA Authentication, access to a user’s private information is determined by physical elements of the user’s body, such as a fingerprint or retina, or proximity to wireless devices, such as a smart thermostat, smartwatch or wifi network. The combination of these biometric factors, connected objects and IoT devices create a unique profile for the user. It’s also far easier and more secure than cumbersome multi-factor authentication methods, which usually require manual entry of a code received via a hard token (e.g. key fob) or to a smartphone via SMS or voice. These manual steps are no longer required because Keeper DNA Authentication identifies and verifies the user automatically based on their chosen list of trusted factors. Several factors require close proximity to the user, isolating and securing against a remotely-located hacker.”

The use of mobile devices as ID credentials

Using mobile devices, such as your phone, as ID credentials are becoming more widespread, and will be contingent on having a secure device that is trusted by issuers, governments, and end-users alike.

The key appeal of a mobile-based solution is its ability to become a multi-factor verification platform by harnessing the attributes of a secure chip, whether that is an embedded secure element, UICC or smart microSD card. The device can then authenticate a person’s ID with one-time passwords, biometrics, and digital certificates, depending on the security requirements of a specific application.

One example of an industry taking successful advantage of this technology is the travel industry, as many airlines have already implemented boarding passes for use on mobile phones. Flight operators report that these help to streamline administration, improve efficiency, and reduce costs.

At the same time, end-users can benefit from a user-friendly experience, with the convenience of easily managing their travel itinerary via their mobile devices. In terms of national security, higher levels of identification, achieved through the secure chip-based mobile application, further support efforts to reduce fraud and secure borders.

Biometrics are the future of identification, and the future is almost here

While fingerprinting (mostly criminals) is over a century old, it wasn’t until after 9/11 that the use of biometrics spread rapidly, in an effort to protect our borders.

Today smartphones and tablets already employ some form of biometric identification to keep our personal data private. For example, have you ever used your thumb to unlock your iphone?

However, there are downsides to biometrics as well. While you can trash a password or PIN and create a new one, you can’t do so with biometrics, and that info is there to stay. Raging debates about the usage of our biometric info will fill the next couple of years. Did you know that Facebook currently has the largest biometric face recognition program in the world? Once you’re in the system, there’s no real way of getting out.

So, while we are making strides towards coming up with better ways to identify ourselves and protect our information, I’m afraid the question “Will the password become obsolete in the near future?” is yet to be decided.

What are your thoughts/opinions on identity verification?