Passwords are easily the most common method of authentication, but soon they won’t be enough to handle the innovative technologies we use. It’s almost weekly that we hear about major data breaches. Breaches will only become more troubling as we put more of our personal information online through technologies like online banking and the Internet of Things (IoT).
For both work and play, passwords may soon become a thing of the past. Not only can they be difficult to remember, but password sharing and creating weak passwords makes them easy to compromise.
In order to protect data in our increasingly digital world, identity and access management (IAM) professionals must find new ways to determine who can see what information and how.
Security Tokens Keys
One way to increase security of digital data is to require a physical authentication method. Security keys are small USB devices users must insert into their computer in order to complete their login process. The method, known as Universal 2nd Factor (U2F) is an alternative to the traditional two-step authentication method. According to digital expert, Thierry LeVasseur: security keys make it so that even if a hacker or bad actor were to possess your password, they still wouldn’t be able to access your information unless they also had in their possession the physical security key” making the method “incredibly secure.”
Biometrics
Biometrics, authentication methods that involve the user’s physical body like fingerprints or retina scans, have recently come into the mainstream. Apple’s Touch ID and Face ID features are sure to inspire more brands to incorporate biometric solutions into their designs. One of the main advantages to this method is that they utilize part of who the user is, making it much more difficult to compromise. Using biometrics is also fast and convenient, though they sometimes have issues with recognition accuracy.
Two-Step Phone Authentication
Using mobile devices for two-step authentication has become one of the most popular IAM methods next to passwords. PCMag’s lead security analyst Neil J. Rubenking explains that “there are three generally recognized factors for authentication: something you know (such as a password), something you have (such as a hardware token or cell phone), and something you are (such as your fingerprint). Two-factor means the system is using two of these options.”
Companies use a range of two-factor authentication techniques. Perhaps the most user-friendly of these is push notifications, where a user can respond to a notification directly on their device to go onto the next authorization step. One-time passwords, called mobile tokens, have the benefits of physical security keys without having to carry around a physical item. These can be sent via SMS message so users don’t have to install any extra apps or programs.
In the not-so-distant future, we can expect to see innovative new IAM techniques used for leisure and in the workplace. Though each method has its pros and cons, these alternatives may soon overtake passwords as the main ways we protect our sensitive data.