This content is part of the Essential Guide: Advances in access governance strategy and technology
Manage Learn to apply best practices and optimize your operations.

Say hello to the future of authentication, bye to passwords

Years back, experts predicted that there would be no place for passwords in the future of authentication. However, passwords are still around and next-generation authentication methods are encountering some challenges. These obstacles are the focus of this webcast.

Patterns of authentication

Authentication is the process of confirming that a user is who he or she says they are. It's an element of access control and governs who gets to do what when it comes to a company's website or system. Here are the three ways to authenticate a user:

  • Knowledge factors
  • Ownership factors
  • Biometric factors

Knowledge factors are things you know about the user; the user can be verified with pieces of knowledge like a password, PIN or a personal question. The trouble is that hackers can pretty easily attain this type of knowledge. It can be as simple as going to the victim's Facebook page and discovering his or her pet's name, for example, and other personal information.

Ownership factors are a bit less penetrable, which is one reason they will be part of the future of authentication. Ownership factors are something the user possesses, such as an ID card, a software or hardware token or a phone. But cards and tokens are just more things that users have to carry around with them, which is why the mobile phone is now the favorite ownership factor. Even a user with this type of ownership factor, however, must ultimately be authenticated by a user name and password.

And the winner of the future of authentication is…

Increasingly, methods of authentication that employ biometrics are being rolled out. The advantage of biometrics in future authentication methods is obvious: They don't require users to remember passwords or carry tokens. Biometrics factors include facial and voice recognition and fingerprints and behavioral biometrics such as keystroke metrics. Users prefer these for ease of use.

Watch this webcast, and you'll learn how security expert Michael Cobb views the future of authentication. He discusses why he thinks voice recognition will most likely be the chosen factor among the three categories of future methods of authentication. In addition, you will learn other factors that are capturing more acceptance in the world of authenticating users.

View All Videos

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

What methods of authentication does your organization use to ensure data protection? Are you contemplating biometrics?
Please keep in mind that some states, like Illinois, require that if you collect these biometric items they need to be secured and protected the same as electronic patient health records. For organizations that are not familiar with HIPAA or HITRUST and are in those states, I woudl suggest getting familiar rather quickly if you go down this route.
Unfortunately, until the Supreme Court comes down with a decision or Congress passes a law protecting users, IMHO biometrics should be strongly opposed by citizens. Some of the lower courts and appeals courts have already held that using a biometric (e.g. fingerprint) is something you are, not something you know. Thus, the user is not currently adequately protected by the 5th amendment; i.e. they can open the device/file/etc by using your fingerprint/eye scan/etc., whereas you cannot be forced to give your password. I am concerned that this "small crack in the door" will eventually lead to other invasions of privacy or misuse by government or others. I'd rather have a criminal go free than potentially lose further freedoms.