The serious implications of breaches in front line security system defenses are driving the development of next gen authentication at a furious pace.
With information security at the top of the agenda for both businesses and individuals alike, the need for improved protection of confidential and sensitive data is reaching a critical point. But what will the next gen mechanisms be like?
The current landscape of authentication
Authentication mechanisms fall into one of three categories, referred to as ‘know, have, are’. The ‘know’ refers to something that a user has to remember such as a password, key code or an answer to a given question. ‘Have’ relates to an item that a user physically has; typically, this has been something to supplement the ‘know’ element such as a personal chip-and-pin card reader or token. The ‘are’ element is, perhaps, the most advanced area of authentication and supports biotechnology as well as behavioral activity. It relates to something that is inherently unique to one user. We are probably most used to seeing such access control as fingerprint entry to smartphones, retina scanning at airports and restrictions placed on our online activities depending on our geographical location.
The downside of two of these authentication methods is, of course, that personal information such as pass codes and other remembered information (know) can be accessed by third parties, while peripheral accessories (have) place the onus on a user to have these about their person. However, it is the third level, ‘are’, in combination with ‘have’, which is fast becoming the front runner of the next gen of authentication.
Developers have already recognized that smartphones are something that the majority of users carry with them and have exploited this ease of access with systems such as two-factor authentication across mobile banking applications. However, with the exponential spread of banking Trojans such as Asacub, Banload and Acecard, the need for more robust security is informing the advancement of access control.
How is next gen authentication shaping up?
With devices such as smartphones already a staple part of daily life and wearables rapidly being taken up by consumers, the shift from user-driven authentication to device-driven access control promises to be the next step towards the golden 99.999 per cent reliability target. The technology of devices being able to monitor and detect behavioral patterns in an individual already exists and can be seen in action by the way our spending activity is monitored by banks; patterns, locations and behavior are all routinely processed using algorithms to identify unusual activity and, thus, help to prevent debit and credit card fraud.
The next step in authentication comes by applying similar principles to current devices (smartphones, wearables) or the next generation of portable technology.
It is envisaged that such technology will be capable of accurately identifying its user by detecting simple behavioral traits such as the way the device is being held, how accurately and how quickly that person types, and the routines of that individual. For example, the device will come to learn that on a working day between 9am and 11am the owner is situated in their office in central London, so an online transaction from a laptop in Glasgow is likely to be a fraudulent one.
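The London and Glasgow scenario above can be sketched as a small risk-scoring routine. This is an added example, not code from the article or from any product it mentions; the class and function names, the weights, the thresholds and the activity history are all constructed assumptions.

```python
from collections import Counter, defaultdict
from statistics import mean, stdev

# Constructed history: (weekday 0=Mon, hour, city, typing speed in chars/sec).
# One working week of 9am-11am activity from a London office.
HISTORY = [(d, h, "London", 5.0 + 0.1 * ((d + h) % 3 - 1))
           for d in range(5) for h in (9, 10)]

class BehaviourProfile:
    """Learns where the owner usually is per time slot and how fast they type."""

    def __init__(self, history):
        self.places = defaultdict(Counter)   # (is_working_day, hour) -> city counts
        speeds = []
        for day, hour, city, cps in history:
            self.places[(day < 5, hour)][city] += 1
            speeds.append(cps)
        self.mu = mean(speeds)
        self.sigma = max(stdev(speeds), 0.05)  # floor avoids divide-by-zero

    def location_risk(self, day, hour, city):
        seen = self.places.get((day < 5, hour))
        if not seen:
            return 0.5                        # no routine learned for this slot
        return 1.0 - seen[city] / sum(seen.values())

    def typing_risk(self, cps):
        z = abs(cps - self.mu) / self.sigma   # deviation from usual cadence
        return min(z / 3.0, 1.0)              # 3 sigma or more is maximal risk

    def score(self, day, hour, city, cps):
        # Weights are assumptions chosen for illustration.
        return (0.6 * self.location_risk(day, hour, city)
                + 0.4 * self.typing_risk(cps))

def decide(profile, event, step_up=0.4, deny=0.75):
    """Map a risk score to allow / step-up (ask for another factor) / deny."""
    s = profile.score(*event)
    return "deny" if s >= deny else "step-up" if s >= step_up else "allow"

if __name__ == "__main__":
    p = BehaviourProfile(HISTORY)
    for ev in [(1, 10, "London", 5.05), (1, 10, "Glasgow", 5.0),
               (1, 10, "Glasgow", 2.0)]:
        print(ev, round(p.score(*ev), 2), decide(p, ev))
```

An unfamiliar location alone triggers a step-up to another factor rather than an outright block, while an unfamiliar location combined with an unfamiliar typing cadence is denied.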
There is still some work to be done to develop next gen authentication technology to achieve the promised land of a secure online environment, free from the threat of data loss, but these super smart devices look set to be a huge step forward along the path to change.