Web authentication is headed for a sweeping change
Web authentication is headed for a sweeping change, as consumers and businesses increasingly look to a more effective way to establish identity and trust on the Internet, which in becoming a quintessential tool in everyone’s lives. The extent of transformation, however, is still evolving.
Craig Spiezle, president of Online Trust Alliance (OTA), told ZDNet Asia in an e-mail interview that the definition of authentication, identity and reputation is set to evolve over time.
Alvin Ow, technology consulting director at RSA Asia-Pacific and Japan, concurred, saying authentication will change in the future out of necessity.
“With the spike in recent cyberattacks on consumers, private businesses and public bodies, people are…beginning to realize that the basic user-name-and-password form of security is not enough to protect oneself,” Ow added. “The way forward, will be multifactor authentication.”
In fact, at the Cloud Identity Summit 2011 in July, Gartner’s Bob Blakely went as far as to state that users will cease authenticating in the future because authentication does not work and is “a pain in the neck to use”.
The vice president and distinguished analyst said recognition would be a better approach, where digital footprints would be used for identification and to establish trust. He further added that digital footprints on social networks can be used to authenticate people, and such data would be more reliable than standard authentication.
Spiezle, however, said it would be a “misstatement” to say people will stop authenticating. The OTA executive believes, instead, that there will be more stringent checks to verify identity as well as the use of other information for Net users to be able to carry out transactions.
“I see a future where high level credentials will be required for both the user and device,” he said. “Think of authentication as the driver’s license and reputation [as] the driving record.”
Spiezle’s stance is similar to calls made by security experts such as Eugene Kaspersky, who has been a vocal advocate for Internet passports and an Interpol for the online realm.
McAfee CTO Scott Chasin added that recognition through digital footprints or crumbs will not be the sole means for enabling trust and, instead, contribute only to the context of the authentication request.
“I believe that digital footprints will have a place in context-driven security models which will help define trust management ecosystems,” he explained in an e-mail. “Digital footprints are simply another metadata attribute which cloud-based identity and trust brokers will leverage in order to authenticate or authorize users, devices and applications.
ID-as-a-service emerging
The McAfee executive, who also spoke at this year’s Cloud Identity Summit, proposed during the event that social networks will provide a third factor for establishing trust and identity–after blacklisting and whitelisting.
Read more . . .ᔥ
Bookmark this page for “Web authentication” and check back regularly as these articles update on a very frequent basis. The view is set to “news”. Try clicking on “video” and “2” for more articles.