Why our digital future depends on identity and restoring trust

Some of the biggest tech companies are pushing for a passwordless future, with Apple, Google and Microsoft committing to support the FIDO standard last May. Along with the digital ID bill reintroduced in Congress last July, we're about to take a giant leap from the password to a seemingly more secure digital future. But as we approach a post-password world, we still have a long way to go to ensure the security of our digital lives.

As companies continue to develop solutions to bring us closer to a password-free world, many have prioritized convenience over security. Two-factor authentication (2FA) and multi-factor authentication (MFA) methods such as SMS or email verification – or even the use of biometrics – have emerged as prominent alternatives to the traditional username/password. But here's the catch: most of these companies validate devices on their own and don't leverage this technology properly, leaving the door open for bad actors.

The blind spots of biometrics

Companies claim to use biometrics to secure and simplify account access, but there is an underlying question. Do they link an account holder's biometric data to the account itself or to the account holder? In many cases, the answer is that they use a combination of biometric data and legacy technologies. This exposes account holders to account takeovers and other fraudulent activities.

Another problem is that some verification companies use a one-time scan of the account holder's ID or other government-issued documents. They then link this data to an existing account that still uses a username/password, which the company holds. Security experts don't recommend this because static credentials create a false sense of trust. If breached, a user's account is still susceptible to identity theft and fraud.

And then there's the flaw in facial recognition technology, which hasn't evolved to the point of being able to consistently log you into accounts. In recent years, studies have shown that the facial recognition technology behind many verification solutions often fails to recognize women and people of color, unfairly extending the time it takes to process login requests and potentially blocking people's access to critical resources.

Verify people, not devices

Today's security industry relies on a device-validation approach. Biometrics and other security layers, such as 2FA/MFA, were never intended to identify the actual person behind the screen, which is a waste.

We know that these online security methods are only effective when you know who is using the device. Say someone pretends to be you and associates their fingerprint with your account, for example. In this case, it's convenient for the bad actor but a disaster for everyone else.

However, a competing philosophy is emerging: we need to validate people, not strictly devices. This new security philosophy is based on multi-factor identity (MFI). MFI fills the screw...
