Remember those movies about speakeasies in which a guy knocks on the door and a spy-port slides open, revealing just the nose and eyes of another guy who asks for the password?
I always wondered what prevented another person from lingering out of sight, overhearing the password and using it to get in.
If you are only using passwords as a means of authentication today, your data is as easily penetrated as that speakeasy door.
Hacked passwords are responsible for about 75 percent of data breaches today, and the breaches can have costly consequences. Just look at how the Verizon deal with Yahoo was eroded by a reported $350 million after Yahoo revealed its data had been hacked again.
Even two-factor authentication is easily overpowered today. Plus, it can be expensive and cumbersome. Multiple-factor authentication, on the other hand, can significantly boost security, but may be excessively bothersome for customers and chase away prospects who can’t remember the answer to a hint, or don’t know which username or email is related to a specific account.
What are your choices? Here are seven of the most common authentication methods. See which fit your business strategy.
- Native: Username and password. Better than nothing, but not by much.
- Social: This incorporates a social media identity, which adds another layer of security, but customers might object to sharing data in their social media account.
- One-time password: Customers have a consistent identity, but a new password is delivered to their smart phone for each sign-in. You might have noticed Yahoo and Google using this method, which assumes that the cell phone is in the hands of the owner.
- Single sign-on: Customers authenticate through a central server, a secure token exchange takes place, and access is granted to all properties and applications authorized for that account.
- Light (lazy) registration: We see this with ecommerce sites especially. Customers are only asked for one piece of information up front – such as an email address – which allows a brand to start tracking that person’s preferences. Over time, the customer is asked for additional pieces of information until a full profile is developed. This is also called passive or progressive registration.
The last two means of authentication rely on biometrics and are being seen first on mobile devices.
- Touch: Popular with financial institutions, it uses fingerprint identification.
- Facial recognition: You look into a camera, the software measures aspects of your face and compares them with the company database. Apple is considering using it to unlock iPhones. Ecommerce giant Alibaba is looking at it for payment transactions.
About two-thirds of enterprise businesses today are using native authentication, with the majority of the rest using a combination of native and social authentication.
What methods you choose should be driven by your needs, but customer experience and the demands on IT staff should be considerations.
Just because multiple options exist, doesn’t mean companies have to use them all to be successful.
Implementing the right authentication measures in-house can be costly, so it is wise to partner with customer identity and access management (CIAM) experts who can provide guidance and help implement best practices. Of course, it’s no surprise that my recommendation for a CIAM vendor would be Gigya.
By Craig Ferrara