In an age where more of your information than ever is being stored digitally, identity protection has never been more important. Think about it, you’re probably carrying around a rectangle in your pocket right now, that not only keeps a detailed log of the passwords to all the websites you frequent, but your credit card information as well. These features are, for the most part, amazing, seamless, and convenient, but they also require some extra security to ensure that the people using these features are who they say they are. Identity Management is vital in keeping your personal information between you, and the devices you store it in, and is something that we have seen grow both in commercial, and business applications.
Currently, we have several ways of authenticating our identity across different applications, websites, etc. such as: passwords, tokens, cards, biometrics, mobile devices or pin numbers. Generally, the level of authentication used is determined by the value of the asset or data being protected. Traditionally, one of these authentication methods are used to access accounts or data, but more recently we have witnessed the shift to two or more authentication methods for added security. This is often referred to as ‘two-factor’ or ‘multi-factor’ authentication. While two-factor authentication is becoming more commonplace, the most frequently used identity authenticator is a password, which has long been thought to be the weakest link in authentication. When creating a password, the average individual will often choose to use a word that they’ll be able to easily remember. Unfortunately, someone who knows that individual may be able to use what they know to guess their password. That’s where two-factor authentication comes into play. When you sign into an account with your login and password, a second method of authentication will need to be completed before you can gain access – generally a PIN code delivered by email or text message. This prevents other people from gaining access to your assets or data.
Physical access is another area of identity management that we have seen evolve relatively recently. What used to be restricted to cards as identifiers have moved towards mobile authenticators. What’s the one asset that everyone wants to protect? Their money. For years, the only way to access your funds was through the use of a debit card, but more recently, people have been able to make purchases using Near Field Communication (NFC) technology with their mobile devices. Concerns about security arose when this technology started to roll out, but these mobile devices manage identity by way of biometrics – a fingerprint or face scanner, or the constant connection of a wearable – to determine that you are who you say you are. This makes purchasing something much more convenient, as most of us are always walking around with our mobile devices in our pocket.
The next step for digital access is to iron out the inherent issues with multi-factor authentication. The biggest hurdle with multi-factor authentication is the fact that it can be inconvenient. It’s much safer, but (even anecdotally) something that stops most users from utilizing this extra security is that it takes too long, or there are too many steps to access their accounts, so they simply shy away. The beautiful thing about something like Apple Pay (a system that allows you to make purchases with your iPhone or Apple Watch) is that every authentication step happens seamlessly. You pull out your phone, double click on the home or power button, the device scans your fingerprint or face, and you tap the device to the terminal to pay. It’s faster than even pulling out your wallet, fumbling for the correct card you want to pay with, and either tapping it or using the chip & PIN. As far as accessing online accounts, the multi-factor authentication process is still a little too sluggish, and that is something that will certainly need to change if everyone is going to adopt it.
In today’s digital landscape, there’s nothing so important as protecting your online identity. Something like multi-factor authentication can be a little bit of a hassle, but understanding that it’s key in protecting yourself online, and is vital to keeping your assets and data secure. Identity management has come a long way as far as utilizing methods like mobile authentication, but there are still some hurdles, most notably seamlessness when it comes to multi-factor authentication, that must be overcome to make for a truly secure future.