Industry View
Password Seeks Partner For Long-Term, Secure Relationship
Forrester looks beyond the password to key trends in strong authentication
By Bill Nagel, Forrester Research
Multipurpose, easy-to-use credentials. Hardware tokens and other physical credentials can be unwieldy to carry and use, and carrying several of them becomes truly annoying: the "token necklace" problem. Employers have the luxury of mandating that employees use a certain token, but have less authority to extend such mandates to business partners.
Multipurpose credentials have clear benefits, even if those purposes are all internal to the company: for example, using the same card for building access and network access. And any form factor that holds credentials people can use in multiple contexts (think work, bank, eBay, etc.) will gain acceptance more easily. Small wonder, then, that smart cards and USB smart card tokens are the form factors offered by the largest number of vendors.
Collaboration on authentication standards. Several vendors have joined the effort to develop and improve open authentication standards like OATH. This will make it easier for customers to pick and choose the form factors (even from different vendors) that make the most sense for the various types of users among their employee population in terms of security, usability, and cost. It's also an important step on the path to broad-based availability of strong authentication for consumers.
What it means
The strong authentication market is maturing and expanding: Technological innovation is no longer the chief driver. Biometrics, mobile authentication, and PKI solutions are still at the technological forefront, but their bleeding-edge status is long gone. The industry used to sell and differentiate itself on technological innovation, but now reflects the broader trends in the IT and IT security marketplaces: a few major vendors dominating the landscape and filling out their portfolios via acquisition just as often as through organic growth. This is largely due to:
1) The reality of having to serve the masses. Strong authentication has moved well past the early adopter phase. It's no longer characterized by techies bragging about the length of their private key; it's a straightforward and increasingly transparent tool that's necessary to thriving in today's IT security environment. Buyers want an offering from a stable, diversified vendor whose solutions play nice with their existing IT infrastructure and which can bring a wealth of business perspective, professional services, and quality support to the table.
2) Divergent needs of the user community. "Usable" means different things to different people. As such, the market is not going to settle on any one form factor anytime soon. Quite the opposite: Many of the major vendors are adjusting their form factor and management system offerings to deal with the reality that different user populations, even within a single firm, might be better served by using different physical forms of credentials.



