Confirming identity remains a major challenge. Binary authentication has become a weak point amid the surge in data breaches, as bad actors continue to attack organizations and gain access to valuable consumer data.
Relying solely on binary authentication such as login/password, 2FA and MFA, which are static and stored somewhere, is clearly not sufficient to protect individual cyber credentials, and it has been beaten time and time again.
According to IBM Security and Ponemon Institute, the global average cost of a data breach was $3.86 million in 2018, up 6.4 per cent from 2017. Adding to that, security intelligence vendor Risk Based Security (RBS) suggests there were more than 6,500 publicly disclosed breaches and more than 5 billion records exposed globally in 2018.
Is it time to replace password-based credentials?
Shahrokh Shahidzadeh, CEO of Oregon-based cyber-security start-up Acceptto, told TechRadar Middle East that the obsolescence of passwords is upon us and that replacing passwords with an alternative approach to authentication is way past due.
“Yes, the future is going to be passwordless. The whole foundation or active directory that companies have set up is based on passwords and usernames.” Regardless of how safe a fingerprint, voice activation or retina scan appears to be, he said that it can be tricked.
However, he said that although the surge in breaches is waking people up, the transition away from the 40-year-old system will take time.
“These [passwords and other forms] will go away with the introduction of new solutions like FIDO solutions and provide a higher level of security,” says Shahidzadeh. The FIDO Alliance is a consortium of more than 250 companies that create security standards.
In the push to get rid of passwords, Google Chrome and Android, Samsung’s in-display fingerprint sensor on its Galaxy S10 smartphones, Microsoft Hello and Mozilla Firefox are among the players that have already become FIDO compliant. Many other companies are expected to follow suit.
Shahidzadeh believes that about 50% of current passwords and multi-factor authentication will be replaced by behavioral modeling and passwordless authentication in five years, and about 80% in the next 10 years.
What is behavioral modeling?
To protect their identity, Shahidzadeh believes, a user must employ technology that incorporates artificial intelligence and machine learning along with behavioral modeling, rather than traditional password/2FA/MFA security.
“Doing so allows for the smartest, most risk-based, authentication and life cycle management available. By incorporating such a technology, you are getting the best security possible as no person or machine can exactly mimic your innate behaviors. This makes your identity immutable and therefore your data is inaccessible,” he said.
Shahrokh believes a behavioral-based, continuous authentication technique, using a combination of your physical behaviors, attributes and digital DNA, is the only way to cognitively and continuously authenticate all data access and entry.