Blurred Boundaries and New Methods: What’s Trending in Authentication

The world of authentication has come a long way from hardware tokens, SSO, and stronger passwords. Here are 5 trends in user authentication we’re tracking in 2017.

istock 673574412

Remember when hardware tokens and complex passwords were the only ways to deliver secure access? Today, mobile and cloud applications are driving demand for convenient authentication methods to serve a large, diverse population—and we’ve seen a multitude of methods emerge: multi-factor authentication (MFA), standards-based solutions, biometrics, smartphone-based authentication, and more. Here’s the lowdown on some of 2017’s top authentication trends.

1.       Modern methods for modern workstyles. From traditional hardware tokens to risk-based techniques, organizations have more MFA choices than ever, so they can offer users more flexibility to meet their changing needs. What’s next? Watch the growing trend toward dynamic, frictionless solutions that automatically know who you are based on contextual clues and behavioral access patterns—while still providing a high level of identity assurance. Certified interoperability with on-premises and cloud apps will also become increasingly important as the number of applications continues to grow.

2.       SSO keeping pace with growth in cloud and mobility. The need for user convenience is growing in proportion to the tremendous growth in the number of systems and applications users need. You can’t expect people to remember hundreds of unique passwords, of course, and that’s why many organizations are betting on single sign-on (SSO). But SSO is only effective if organizations have the assurance that those who request access are who they say they are. Don’t be surprised to see more SSO providers partnering with security and authentication specialists to deliver solutions that use advanced analytics to increase security and transparency.

3.       Standards-based authentication. Several emerging open standards and protocols for multi-factor authentication are making it possible to meet diverse user needs and still have consistent integration processes and user experiences across systems, devices, and apps. For example, you can have a different type of authentication method for an employee who routinely accesses lower-risk applications than for a privileged user—but you can employ the same standards and protocols to incorporate and administer both.

4.       Biometrics that live up to the hype. You can’t really blame some for thinking “yeah, sure, I’ll believe it when I see it” about biometrics becoming commonplace for enterprise authentication. Providing a fingerprint or eyeprint may be easy for the user, but getting there has historically been costly and complex for organizations. Today, however, with a maturing ecosystem of biometric-ready smartphones, coupled with the adoption of open standards, the stars finally seem to be aligning for broader adoption.

5.       Device-level trust. Smartphone-based authentication is becoming increasingly popular, but it still poses challenges. Sure, you can use advanced authentication tools such as biometrics to provide assurance that the phone’s owner is the one using the phone—but how do you know the phone itself can be trusted? We’re seeing phone manufacturers working to establish a verifiable ID that will enable organizations to feel more confident about extending trust to a device.

Take a deeper dive into these and other user authentication developments in RSA’s eBook, User Authentication Trends 2017.

Copyright © 2017 IDG Communications, Inc.