The Future of Authentication

 


We’ve been saying it for a while – static passwords are on the verge of extinction – so where will business go for its future authentication solutions?

According to Gartner …
The Gartner Group predicts that in the next two years alone, two million US consumers will be using two-factor authentication at a few major ISPs and online communities. They further predict that this practice will become mainstream for securing Web application access across the majority of service providers within the next five years. This huge organic growth will come about as the broader market takes its lead from the ISP/portals, online banks, brokerages and gaming organizations who are already successfully incorporating strong authentication into their core offerings.

It’s not just one technology
Businesses are finally starting to discover that, with the foundation of strong authentication, they can open up their networks and begin working with customers and partners in ways that would otherwise be giving them security nightmares. And though they won’t all take the same approach, with a strong authentication solution at their network core, they can create, trust and engage in circles in ways that are comfortable not just to them, but also to their partners and customers.

Some will look to federated identity management, others to specific I&AM solutions, others to new virtual federation approaches – and maybe some combinations. Slowly at first, then at a much greater rate, the early single networks will spread to become an overlapping network of networks, all able to accept the same trusted identities.

We are fully aware that no single technology or approach will optimally address all scenarios. In fact, there will continue to be a vast diversity of authentication technologies; current options include hardware and software tokens, smart cards, digital certificates and biometric methods. In the quest to provide even greater protection, ease of use and convenience, here are some of the additional paths that industry is exploring.

Knowledge-based authentication
Users authenticate based on what they know and what they’re able to do. They can present data elements based on personal preferences and history, such as data from their transaction history on a personal account. The key is that they need to be able to access some out-of-band mechanism — or memory — to which an impostor is presumed not to have access.

Authentication with connected devices
The notion of connected authenticators will expand from USB-based tokens to include wireless connections based on proximity technologies such as Bluetooth® wireless technology, infrared, Radio-Frequency Identification (RFID), even sound. Widely deployed devices such as mobile phones and PDAs hold the potential to serve as the authentication device working within these wireless personal area networks. The introduction of e-passports and drivers’ licenses incorporating RFID also holds tremendous promise to provide strong authentication in a wide range of personal and business scenarios.

Mutual authentication
This will combat such attack methods as phishing by requiring that the business authenticates to the user as well as the user to the business. This solution will keep an illegitimate site from soliciting password data. It will also give users a more trustworthy interface for entering passwords and other personal information, ensuring that better security protocols such as zero-knowledge password authentication or password hashing are automatically employed.

Authenticating the device
While authenticating the user is critical, it is not sufficient. Future users will need to authenticate through trusted computing platforms that will in turn represent the user to the network. Today there is no easy way of identifying what types of devices can connect to the network, and when an organization cannot identify or manage a device, it weakens the entire network. In order to create a fully trusted environment, the organization needs to control not only the individuals but also the devices that are given access to the network.

One day in the future…
Not too long from now you’ll enter your corporate building and take the lift to your office, never having to unlock a door or present any ID – the RFID-enabled employee badge in your pocket does all that for you. Its credentials are also recognized by your PC as you walk in, so with a single password you gain access to your email, applications, online corporate resources, even your partners’ extranets.

To download e-tickets for your next business trip you log in to your external travel office and authenticate by selecting the three cities you are most likely to visit, not those you have most frequently visited.

On leaving the office for your car, your Bluetooth-equipped keyless entry system identifies you as you approach it.

When you arrive home your alarm system automatically disarms at the sound of your voice and the lights come on in welcome.

These approaches to authentication are just a few examples of where our industry is going, but many others are also in development. Precisely which methods come out on top, and for which purposes, remains to be seen, but one thing is for sure: our pedigree in strong authentication solutions will put us and our partners among the winners in these dynamic developments.

from RSA newsletter

 

Carl Mazzanti is Co-Founder and President of eMazzanti Technologies, Microsoft’s four-time Partner of the Year and one of the premier IT consulting services for businesses throughout the New York metropolitan area and internationally. Carl and his company manage over 400 active accounts ranging from professional services firms to high-end global retailers.

eMazzanti is all about delivering powerful, efficient outsourced IT services, such as computer network management and troubleshooting, managed print, PCI DSS compliance, green computing, mobile workforce technology, information security, cloud computing, and business continuity and disaster recovery.  

Carl Mazzanti is also a frequent business conference speaker and technology talk show guest and contributor at Microsoft-focused events, including frequent prominent roles at Microsoft Inspire (Worldwide Partner Conference / WPC).

Carl, a serial Entrepreneur, gives back to the community through Entrepreneur teaching engagements at Georgetown University, the company’s ocean wildlife conservation effort, the Blue Project, and Tree Mazzanti.
