The Two-Step Process to Fix the Internet's Identity Problem


In today’s digital world there are nearly 23.14 billion connected devices. Employees across the globe use these devices to do everything from checking personal and corporate email to accessing corporate servers, all with their usernames and passwords.

As technology advances and more devices are introduced to the market, cybersecurity threats are also becoming more advanced, affecting consumers and enterprises alike.

According to a recent survey commissioned by Vanson Bourne and Veridium, 53% of senior IT decision makers reported that their organization had experienced a data breach over the last five years. As breaches occur more frequently, it is becoming widely understood that traditional PINs and passwords are flawed and cannot effectively protect confidential data.

According to the same research, while 99% of IT decision makers reported that they are currently using passwords in their organizations, only 34% of respondents are very confident that passwords alone can protect data sufficiently.

If an attacker spends enough time, they can easily gain access to someone’s username, password and the texted verification code, since in most cases, the hacker already has the victim’s phone in his or her hand. This is today’s “identity problem” of the internet. To solve this problem, below is a two-step process to protect your identity on the internet.

Step 1: Prove Identity through Biometric Authentication: Currently, internet users have two ways to verify their identity: knowledge-based authentication (usernames, passwords, PINs) or possession-based authentication (something you have, like a smartphone, token or swipe card).

In today’s day and age, this is not enough. It is time to add a third piece to the puzzle: inherence-based authentication, or something you are. The move beyond traditional two-factor authentication methods towards a more secure approach is a crucial step to alleviating the risk of an imposter claiming to be you.

Adding biometrics to authentication allows any company, whether it’s a bank or an online retailer, to acquire a critical piece of information about their users. Using biometrics, a company can directly link the users themselves to their accounts, requiring a fingerprint, face, voice, or iris scan for any login or financial transaction, creating a convenient way to update login processes for the modern era and adding a third layer of protection to these procedures.

Step 2: Implement Security Infrastructure: The right infrastructure would allow companies to replace passwords and traditional two-factor authentication with biometric authentication, making biometrics the primary way users access accounts, by setting up a registration process linking the account to the user’s biometrics – an Identity Trust Store (ITS).

An ITS is a central repository, managed by a third party, that would act as a trusted source of identity. Users would only have to register once, prove who they are, and enroll their biometrics.

After users enroll their biometrics, any organization that accepts ITS credentials would not have to directly manage them. Instead, they would be able to pay a small fee to the ITS and focus more on their core business. This helps lower the costs associated with conducting identity proofing and authentication on their own, while providing security and convenience to their users.

If users sign up to use an ITS, it would cut down on potential fraud and reduce, or even eliminate, the adverse effects on individuals when their personal information is being collected or processed. Not exchanging personal information on every website will also reduce the attack surface for unauthorized access. 

The threat of cyber-attacks and the explosive growth of connected devices have precipitated the need for strong, highly secure authentication solutions. Through the use of biometrics, any organization can migrate to a biometric-only login solution that still provides the three points of multifactor authentication – what you know, have, and are – while simplifying the login process for the user.

Ultimately, this will enable security and convenience, and provide more information to the company for security logging and reporting that ensures a stronger foundation for cybersecurity overall.
