Despite multiple shortcomings, passwords remain the most common authentication method for accessing financial, e-commerce, healthcare, and an array of other services. People generally prefer passwords over more secure authentication methods, due to their convenience and ease of use.
Despite the best efforts of security experts, passwords reign as the primary way for people to verify their identity online. “However, as we all know, passwords are easily compromised and forgotten, leading to both security issues and pressure on IT resources,” observes Ian Mulholland, an analyst in the security, risk, and compliance team at the IT research firm Info-Tech Research Group.
Security professionals know that username/password approaches to managing identity risk and authentication are obsolete or, at best, severely compromised. “So, these processes are [now] changing,” says Dan Barta, principal enterprise fraud and financial crimes consultant at analytics software firm SAS.
Digital Identification Technology
For decades, people have carried various forms of physical identification, such as driver’s licenses, health insurance cards, and passports. Emerging digital ID technology attempts to replicate this concept in the online world. “This could mean having digital versions of traditional physical documentation,” Mulholland says.
With digital ID, individuals are verified via an authoritative entity, such as a government body or global consortium, after proving they are who they claim to be. “The digital ID is then stored in some sort of ‘digital wallet,’ which may be accessed in multiple ways when permission is granted by the subject,” says Doug Saylors, co-leader of the cybersecurity unit of global technology research and advisory firm ISG.
Put simply, digital identity is a person’s online profile, Barta says. “Digital identity is derived from web-accessible personal data that can be traced and connected to a given individual.”
Digital ID, when combined with a Zero Trust Architecture, aims to provide a strategic approach to cybersecurity that secures a user by continuously validating every stage of a digital interaction. A digital ID would move users away from simply typing in a password to validate identity. Instead, a combination of factors would be used to validate and continuously verify an individual's identity throughout the duration of their interactions with a service. “Establishing additional methods and complexity to an online service or resource decreases an attacker's ability to gain access to that system,” notes Matt McFadden, vice president, cyber, at General Dynamics Information Technology (GDIT).
Read the rest of this article on InformationWeek.