www.intelligentciso.com | Issue 08

Marc Vanmaele, CEO of TrustBuilder

User credentials give us a sense of security, but in the age of massive data breaches, phishing attacks and password hacks, it is becoming clear that passwords are increasingly at risk. Consumers are increasingly using their social IDs to access services and resources. You need to allow them easy access to your services through their existing digital identities. But when we see incidents like the recent data breaches suffered by Facebook and Google+, it is clear that these credentials are not secure on their own.

Today, there are billions of passwords available to cybercriminals within a few clicks. If users have not changed their password, or have chosen something similar as a replacement, their accounts are vulnerable. There are methods that can add an extra layer of protection to accounts, such as multi-factor authentication, where users must authenticate themselves with additional information, such as a one-time password generated on their mobile phone, a hardware token or biometrics such as a fingerprint. Although each of these can add complexity to the checkout process, users are becoming familiar with the various methods.
Some organisations have assumed that end-users do not understand the need for security or privacy and must have an entirely frictionless login experience. We believe that people are smarter than that: as long as security is proportional to the perceived asset value, they accept and even encourage it, provided it remains simple and user-friendly.
Still, there is a balance to strike. Today's issue is to find the right balance between security and end-user convenience. This is the case when the user is a member of staff, and even more so for the consumer. Google, Apple and many of today's most popular mobile applications have set usability expectations to a high level.
In addition to allowing multi-factor authentication, organisations may wish to check more information than a user's credentials and an additional authentication factor. For example, a user may be in a location that is unrecognised, or one that presents an increased risk of social engineering attacks, such as a public place with an open WiFi network. It is possible to check factors such as these by authenticating users dynamically, considering not just who they are but also the context in which the transaction or session is taking place.
However, this can add complexity for the organisation and the user. That's why some organisations are employing identity and access management (IAM) solutions to understand as much user context as necessary. The best solutions enable organisations to authenticate users dynamically, considering factors such as the user's age, location and whether the device they are using is recognised.
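The dynamic, context-aware authentication described in the two paragraphs above, as an added illustration that is not TrustBuilder's code: each login is scored on whether the device and location are recognised and whether the network is open WiFi, a completed second factor offsets that risk, and per-asset thresholds (an assumption standing in for "security proportional to the perceived asset value") decide whether to allow, step up to another factor, or deny. All weights, thresholds and the sample user history are constructed for the example.

```python
# Added example (not TrustBuilder's code): a context-aware authentication policy that
# scores a login from its context and maps the score to allow / step-up / deny.
from dataclasses import dataclass, field

# Risk weights and thresholds are assumptions chosen for illustration.
WEIGHT_UNKNOWN_DEVICE = 40
WEIGHT_UNKNOWN_LOCATION = 30
WEIGHT_OPEN_WIFI = 20   # public network: higher interception / social-engineering risk
MFA_CREDIT = 50         # a completed second factor offsets contextual risk
# Per-asset thresholds (step_up_at, deny_at): the more valuable the asset,
# the less residual risk is tolerated before an extra factor or a refusal.
THRESHOLDS = {"low": (60, 100), "high": (20, 60)}

@dataclass
class LoginContext:
    device_id: str
    country: str
    open_wifi: bool = False
    mfa_completed: bool = False

@dataclass
class UserHistory:
    """Devices and countries already seen for this user (a real IAM would persist these)."""
    devices: set = field(default_factory=set)
    countries: set = field(default_factory=set)

def risk_score(ctx: LoginContext, history: UserHistory) -> int:
    score = 0
    if ctx.device_id not in history.devices:
        score += WEIGHT_UNKNOWN_DEVICE
    if ctx.country not in history.countries:
        score += WEIGHT_UNKNOWN_LOCATION
    if ctx.open_wifi:
        score += WEIGHT_OPEN_WIFI
    if ctx.mfa_completed:
        score = max(0, score - MFA_CREDIT)
    return score

def decide(ctx: LoginContext, history: UserHistory, asset_value: str = "high") -> str:
    """Return 'allow', 'step_up' (ask for another factor) or 'deny'."""
    step_up_at, deny_at = THRESHOLDS[asset_value]
    score = risk_score(ctx, history)
    if score >= deny_at:
        return "deny"
    if score >= step_up_at and not ctx.mfa_completed:
        return "step_up"
    return "allow"
```

A known device in a known country scores 0 and is allowed for any asset; an unknown device on open WiFi from a new country scores 90, which is denied for a high-value asset but only stepped up for a low-value one, and completing the second factor brings it back to an allow.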
There is no one-size-fits-all recipe for finding the right balance between security and simplicity; the balance is specific to each industry and even each company. For our company, this is something we understood from our inception, and we designed our TrustBuilder Identity Hub product in a way that allows organisations to define their own balance between a seamless end-user journey and the need for a high level of identity assurance.