Authentication and it’s evolution

In today’s world of increasing digital crime and internet fraud many people will be highly familiar with the importance of online security, logins, usernames and passwords but if you ask them the question “What is strong authentication?” the likelihood is they will not know what it is or how it works, even though they may use it every single day.

With standard security procedures (especially online) only requiring a simple username and password, it has become increasingly easy for criminals (either in organised gangs or working alone) to gain access to a user’s private data, such as personal and financial details and then use that information to commit fraudulent acts, generally of a financial nature.

Two Factor Authentication, also known as 2FA, is an extra layer of security that requires not only a password and username but also something that the user has on them, such as a physical token.

Using a username and password together with something only that user owns makes it harder for potential intruders to gain access and steal that person’s personal data or identity.  The experience must be painless to encourage users to make it second nature.

Recently smartphone manufacturers have started to release biometric authentication features, such as fingerprint or facial recognition for unlocking your phone. More importantly they have made the action of authenticating oneself an everyday pain free occurrence, that most phone users have no objection to doing.

Biometrics rely on a strong identity, or credential, that is stored locally on a device and used to authenticate to the server side. This prevents biometric data from being stored on actual servers while still leveraging its convenience to access a device. It also provides a flexible form of identity verification for a new concept called continuous authentication.  Using voice and facial biometrics, systems can continually authenticate users throughout a session, without alerting them that they’re being monitored, which enables a transparent and seamless user experience.

Say an employee is working on a laptop they logged into using facial scanning technology. Throughout the entirety of the day, the facial scanning technology can perform regular checks to ensure that the worker’s identity is still legitimate and the session hasn’t been overtaken by someone else. Once enterprises adopt this new authentication method, it will be particularly useful for organisations with remote workforces to enable secure access anytime, anywhere.

Facial authentication is only the beginning of a new wave of biometric enterprise security. Additional continuous authentication technologies that are being developed include:

  • An electrocardiogram (ECG), heartbeat or BioStamp can turn a user’s heartbeat into a unique differentiator that authenticates their digital identity. Whichever system or service a person is using, they could gain real-time access to their vital signs in order to verify the user throughout the entirety of a session or transaction.
  • A person’s gait, the way in which they walk or carry their phone, authenticates them in real-time and ensures they are present when a transaction is happening. This can range anywhere from an employee walking into an office or a consumer banking on their mobile device.
  • Behavioural biometrics analyse user behaviours such as the pressure someone puts on a device screen, user navigation of apps, cadence of typing, swipe patterns and the time typically spent on a session.

In addition to biometric data, inputs used for continuous authentication technology include device reputation, geography of the user and transaction type.

For the enterprise, biometric and continuous authentication protect against fraudulent activity such as social engineering, account takeover and malware. Accelerated by the iPhone X’s FaceID, user acceptance of biometrics will have a massive security impact on industries – such as government, manufacturing, healthcare and financial services – that need to prevent unauthorized access to critical data.

Entrust Datacard are at the fore front of this new world of continuous authentication and helping shape the way that organisations and consumers will be safely accessing data in the future.