Last updated: 16 May 2016
This post originally appeared on SafeNet’s The Art of Data Protection blog prior to Gemalto’s acquisition of SafeNet.
One of the intriguing topics cropping up more and more in customer and industry forum discussions is Bring-Your-Own-***, where we, the users, whether acting as customers or as employees, now control much of the technology used to conduct personal and business interactions.
Bring-Your-Own-Identity (BYOI) represents an evolution in authentication schemes by offering a better user experience and security than the use of multiple passwords for different services.
For those who are unfamiliar with the term, BYOI often refers to the use of “social login” or, in other words, using a third-party cloud service identity to access multiple services. The option to push a button and log in with “your favorite social ID”, now found on many consumer web sites, is attracting users simply because passwords are too much of a headache and a security issue for most of us.
The ability to use a single credential to access a wide range of services often increases security since a user only has to remember one [strong] password instead of multiple passwords. In some cases, it also enables the user to turn on two-step authentication for a single trusted provider, leveraging one time passcodes as an extra security measure.
Furthermore, the approach of trusting a reputable cloud service provider is often more secure than spreading and storing passwords across many different sites. All you need to do is note the password hack of the week to realize how a breach of one service triggers a chain of compromised accounts in other services, as users often reuse the same password on several sites.
In addition to social login, another example of a BYOI approach is the ability to use a credential issued by a public service.
In countries where a national ID is practiced and an eID credential is issued to citizens, I see increased interest in using a government-issued ID card or a health card with a smartcard chip, which provides a high level of user assurance, to access online services or even enterprise and corporate networks.
Although convenient and secure, using a single identity provider also brings in a slew of privacy concerns, as the use of the same identity over multiple services opens the door to tracking and the correlation of user activity over multiple services.
In a recent post, we mentioned the growing need for an interoperable and universal authentication framework. BYOI schemes are an integral part of this. In this regard, I’m glad to see more good news coming our way: The Fast Identity Online (FIDO) Alliance.
SafeNet recently joined the FIDO Alliance as a sponsor member, and I was able to attend the alliance's quarterly meetings. FIDO is all about developing a universally flexible authentication framework for consumers and businesses alike. I came away with a good impression of a few elements that are key in the FIDO concept and protocol design:
- Improving the user experience by allowing the user to utilize alternatives to passwords and have a consistent experience across multiple services and user devices.
- Improving security by using a multi-factor scheme that involves something you have (a user device that you use or a pluggable authenticator) and another method of user verification – which could be one of many different options – a device password or a PIN, or a biometric mechanism such as fingerprint scan or voice recognition.
- Maintaining user privacy by keeping biometric data on the user device and using distinct authentication keys for different services. In this way, users cannot be tracked, nor their identity correlated, across the different services they use.
These points indicate how the FIDO protocols and specifications complement BYOI approaches by allowing users to maintain privacy without compromising security.
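As an added illustration (not code from the original post, nor from SafeNet or the FIDO Alliance), the following Go sketch models the per-service key property behind the third point: the user's device mints a separate Ed25519 key pair for each service, signs only that service's challenges, and each service stores nothing but a public key, so comparing what two services hold reveals no link between them. The `Authenticator` type and the service names are assumptions, and the local user-verification step (PIN or fingerprint) is assumed to have already succeeded.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
)

// Authenticator models the user's device (assumed type); private keys never leave it.
type Authenticator struct {
	keys map[string]ed25519.PrivateKey // one key per relying-party ID
}

func NewAuthenticator() *Authenticator {
	return &Authenticator{keys: map[string]ed25519.PrivateKey{}}
}

// Register mints a key pair just for rpID and returns only the public key.
func (a *Authenticator) Register(rpID string) (ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	a.keys[rpID] = priv
	return pub, nil
}

// Sign answers a login challenge with the key bound to rpID; an rpID the device
// never registered with gets no signature. User verification is assumed done.
func (a *Authenticator) Sign(rpID string, challenge []byte) ([]byte, bool) {
	priv, ok := a.keys[rpID]
	if !ok {
		return nil, false
	}
	return ed25519.Sign(priv, challenge), true
}

// NewChallenge is the service side: a fresh random nonce per login, so a captured signature cannot be replayed.
func NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// Verify is the service side: check the signed challenge against the public key stored at registration.
func Verify(pub ed25519.PublicKey, challenge, sig []byte) bool { return ed25519.Verify(pub, challenge, sig) }

// Linkable asks whether two services could correlate a user by comparing stored keys; with per-service keys it is false.
func Linkable(a, b ed25519.PublicKey) bool { return a.Equal(b) }
```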
Moving forward, there are more opportunities for solution providers and businesses to benefit from an emerging broader identity framework. The use of cloud BYOI approaches, a national identity, or a FIDO Alliance-enabled scheme translates into greater trust, better security, and getting over our password headaches.
If you want to learn how organizations must respond to next-generation authentication trends, download our free ebook, Business Drivers for Next-Generation Two-Factor Authentication Solutions.
In this ebook, the challenges of a complex authentication environment are presented as encountered by each enterprise stakeholder – including executives and HR, CFOs, CIOs, CSOs, and users – together with how these challenges can be addressed. Download the ebook now.