Time to eliminate the password: New report on next-generation authentication for digital financial services
By ITU News

“We don’t want digital financial services to be built on the wrong foundation, which is the password,” says Abbie Barbir, Rapporteur for ITU standardization work on ‘Identity management architecture and mechanisms’ (Q10/17).
Over 3 billion usernames and passwords were stolen in 2016, and the number of data breaches in 2017 was 44.7 per cent higher than that recorded in 2016.
“We are moving away from the ‘shared secret’ model of authentication,” says digital ID strategist and standards expert, Andrew Hughes of InTurn Consulting, referring principally to the username-password model of authentication.
“Considering the prevalence of data breaches, there are no secrets anymore,” says Hughes.
Designed to overcome the limitations of passwords, specifications developed by the FIDO Alliance (‘Fast Identity Online’) enable users to authenticate locally to their device using biometrics, with the device then authenticating the user online with public key cryptography.
This model is not susceptible to phishing, man-in-the-middle attacks or other forms of attack targeting user credentials.
“This is the biggest transformation we have seen in authentication in 20 years,” says Jeremy Grant, Managing Director of Technology Business Strategy at Venable.