The battle for identity security

09.09.2021
Hands up – say the password! The password authentication method has proven to be vulnerable, and is therefore often supplemented through the use of higher authentication factors. What trends await us in IAM? Identity verification using a selfie? Why not?

In the last article, we mapped the IAM area and its parts. We already know that IAM helps organizations manage user identities and regulate user access. IAM tools allow administrators to change user roles, monitor their activities, create reports, and adhere to corporate principles. Properly set-up access and authentication processes are becoming the standard that keeps many companies in operation. The issue of security is a hot topic these days, and in these difficult times we therefore want to help our clients manage and make life easier for their employees.

Identity verification

Many of us don’t even realize that the act of restricting access to information is older than humanity itself – even predators keep secrets about their lairs or prey and share this information only with legitimate colleagues.

Probably the best known and most commonly used authentication technique is the use of a password. This method of identity verification has been used since ancient times, when patrols required a secret password for entry. Today, we are exposed to the authentication process on a daily basis, and the use of a password is still the most common method. However, can passwords still be considered a secure authentication method?

Multifactor authentication

With increasing security threats, the use of a username and password is becoming insufficient. A significant change was the inclusion of multifactor authentication (MFA) in IAM products. MFA builds security on three authentication factors:

  1. Knowledge factor – this is the user’s knowledge, which can be, for example, a password or a debit card PIN.
  2. Ownership factor – something that the user owns. This could be a mobile phone, a payment card, HW tokens, as well as personal documents that identify the user.
  3. Biometric factor – represents the user him or herself. Typical biometric identification is a fingerprint, an eye scan, a voice sample or facial recognition.

Multi-factor authentication can be used in combination with so-called adaptive authentication, which is based on artificial intelligence and serves to maximize user comfort by limiting the use of multiple factors to the necessary minimum depending on the current level of risk.

The risk, and thus the method of user authentication, is determined only when the user tries to connect to the requested application - for example, if a user logs in from an IP address other than the default IP address, such an attempt will be marked as risky and the user will be prompted to provide additional authentication using a higher authentication factor.
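The step-up decision described above can be sketched as follows. This is an added example, not code from any IAM product: fixed rules stand in for the AI-based risk model, and the device signal, the sensitivity scale, the weights and the thresholds are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# Factor names follow the article's three categories.
KNOWLEDGE, OWNERSHIP, BIOMETRIC = "knowledge", "ownership", "biometric"

@dataclass
class UserProfile:
    # Constructed sample profile: networks and devices seen on earlier logins.
    usual_networks: list
    known_devices: set = field(default_factory=set)

@dataclass
class LoginAttempt:
    source_ip: str
    device_id: str
    app_sensitivity: int  # assumed scale: 0 = low, 1 = normal, 2 = high

def risk_score(profile, attempt):
    """Add a hand-picked weight for every risk signal that fires."""
    score = 0
    ip = ipaddress.ip_address(attempt.source_ip)  # raises ValueError if malformed
    if not any(ip in ipaddress.ip_network(n) for n in profile.usual_networks):
        score += 2  # the article's case: login from a non-default IP address
    if attempt.device_id not in profile.known_devices:
        score += 1  # assumed extra signal: device not seen before
    return score + attempt.app_sensitivity

def required_factors(profile, attempt):
    """Decide, at connection time, the minimum set of factors to request."""
    try:
        score = risk_score(profile, attempt)
    except ValueError:
        # Source address cannot be parsed: fail closed and ask for everything.
        return [KNOWLEDGE, OWNERSHIP, BIOMETRIC]
    if score <= 1:
        return [KNOWLEDGE]
    if score <= 3:
        return [KNOWLEDGE, OWNERSHIP]
    return [KNOWLEDGE, OWNERSHIP, BIOMETRIC]

if __name__ == "__main__":
    # Constructed sample data using documentation address ranges.
    profile = UserProfile(["203.0.113.0/24"], {"laptop-01"})
    for attempt in (LoginAttempt("203.0.113.10", "laptop-01", 0),
                    LoginAttempt("198.51.100.7", "laptop-01", 0),
                    LoginAttempt("198.51.100.7", "tablet-09", 2)):
        print(attempt.source_ip, attempt.device_id, required_factors(profile, attempt))
```

Failing closed on an unparseable source address matters here: a policy that silently treats bad input as low risk would let the weakest path through exactly when the signal is missing.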

A revolution in identity verification?

Probably every one of us knows that with the increasing number of applications we use, the difficulty of remembering passwords for each application increases - assuming that the user does not use one universal password, which is highly risky in terms of cyber security. All sorts of modifications to one password and the use of weak passwords help attackers in their attempts to compromise the identity and obtain sensitive information.

The answer to reducing risks during identity authentication is passwordless authentication, which is to some extent associated with multifactor authentication (MFA), where users are prompted to provide an authentication factor. One example might be fingerprint authentication when entering a bank payment.

The benefit of this approach is not only greater comfort on the part of the system user, because he or she does not have to remember the password and copy it every time, but also stronger security, in that all password management and risks in the form of impersonation of someone’s identity are eliminated.

In relation to passwordless authentication, technology that verifies identity based on an identity card and a selfie image has recently increased in popularity, i.e., so-called document-centric identity proofing. Sometimes we encounter the more popular term "ID selfie", which suggests that the technology detects the authenticity of the user using the ID document and the user’s selfie. At the beginning of the process, the user takes a picture or a short video of his or her photo ID, as well as a current selfie picture or a short video of him or herself. The identity card (ID document) is first evaluated in terms of its authenticity and is then compared to the selfie picture, or to the video taken by the person presenting the ID document. This method can finally be described as true authentication of the person, not of knowledge, as is the case with the use of a password.

Conclusion

With the rise of cyber threats and fraud, security has become a top priority for all organizations that manage digital identities and mediate their authentication. The password authentication method has proven to be vulnerable, and it is therefore often supplemented using higher authentication factors. One example is the use of biometrics for identity authentication, which has become a key part of the fight against identity theft.

New incoming trends in the form of authentication on the basis of ID documents are trying to completely eliminate the need to enter passwords from our lives. We continue to monitor trends in the development of technologies in the process of identity verification, so that we are always prepared to design the most secure solution for our customers.