Adoption of a password-free future is being hyped by some of the biggest tech companies, with Apple, Google and Microsoft committing to support the FIDO standard this past May. Together with the Digital ID bill reintroduced in Congress last July, we are about to take a giant leap away from the password into a seemingly more secure digital future. But as we approach a passwordless world, we still have a long way to go to ensure the security of our digital lives.
As companies continue to develop solutions to bridge us into a passwordless world, many have put convenience before security. Methods of two-factor authentication (2FA) and multi-factor authentication (MFA), such as SMS or email authentication – or even using biometrics – have emerged as leading alternatives to the traditional username/password. But here’s the catch: Most of these companies only validate devices and don’t make good use of this technology, leaving the door open for bad actors.
The blind spots of biometrics
Companies that use biometrics claim to do so to secure and simplify account access, but there’s an underlying question: Do they link an account holder’s biometrics to the account itself or to the account holder? In many cases, the answer is that they use a combination of both biometrics and outdated technology. This exposes account holders to account takeovers and other fraudulent activities.
Another problem is that some verification companies use a one-time scan of the account holder’s ID or other government-issued documents. They then link that data to an existing account that still uses a username/password that the company owns. Security experts don’t recommend this because static credentials create a false sense of trust. If a breach occurs, a user’s account is still susceptible to impersonation and fraud.
And then there’s the shortcoming of facial recognition technology, which hasn’t progressed to the point where it can consistently log you into accounts. In recent years, studies have shown that the facial recognition technology behind many authentication solutions often fails to recognize women and people of color, unfairly increasing the time it takes to process login requests and potentially blocking people’s access to critical resources.
Verify people, not devices
Today’s security domain uses the device validation approach. Biometrics and other layers of security, such as 2FA/MFA, were never intended to identify the actual person behind the screen, which is a shortfall.
We know that these online security methods are only effective if you know who is using the device. Suppose someone impersonates you and, for example, links their fingerprint to your account. That is useful for the bad actor, but a disaster for everyone else.
However, a competing philosophy is emerging: we need to validate people, not strictly devices. The driving force behind this new security philosophy is Multi-Factor Identity (MFI). MFI fulfills the vision of a secure and passwordless future by knowing someone’s real identity online – the missing link to protect accounts and reduce fraud.
While biometrics and 2FA/MFA are important steps, the future of account security rests not only on them, but on technology that eliminates these issues by authenticating people, not devices. The most effective approach is to pair real-time authentication measures with a government-issued ID to authenticate users.
A more humane and safer internet
There is a bigger vision here regarding online security, which MFI is helping to achieve. It’s the idea that we can build a more human, more secure internet through identity verification – and ultimately a more trustworthy digital experience.
Today’s online world lacks trust. In the early days of the internet and computers, it was a smaller, more trusting community of networked computers run by known people. You could more easily know who someone was, and a password could reasonably protect an account and its user. But as the internet has grown, that trust has all but disappeared.
And it’s hard to regain that trust, both online and over the phone, without knowing the identities of others. Trust is the most important thing these days, especially if we are to deliver on the promise of emerging digital spaces such as NFTs, the metaverse and more. Our digital world is vast and growing so fast that the metaverse could drive it to a breaking point without more familiar ways to identify each other.
We’re excited to see the increasing adoption of technology that helps businesses trust their users’ identities and unlock faster, more secure account access. MFI can help us do that by restoring the confidence that helped start the internet and making sure it is sustainable.
Aaron Painter is CEO and founder of Nametag.