In earlier blogs, we’ve discussed data breach trends and how the merging of enterprise and consumer identities creates a large attack surface for hackers. Now, we’ll drill down into the different ways enterprise and consumer identities are becoming even more similar and what we as a security community should do about that.

Multi-factor assimilation

While some two-factor authentication methods were created for consumers and then adopted by businesses, others were created for the enterprise and adopted by individual users.

Biometrics include fingerprint scanners and iris scanners built into native apps for consumer or enterprise authentication. The Nymi band, which uses your heartbeat rhythm to authenticate you to resources when worn on your hand, is a great example of this.

Context-based authentication is best known by consumers as a “Remember me on this device” checkbox or as your Verified-By-Visa (VBV) and MasterCard SecureCode (McSc) password. When logging in from an unfamiliar device, the user is asked to validate his or her identity with an additional factor (such as an OTP).

Single-tap push authentication lets users authenticate with a tap of a button on a mobile device, and is offered by both consumer services and enterprises.

Single sign on at work and at home

You’ve heard of password fatigue, yes? We’re all required to remember so many passwords as part of our daily routines now that consumers experience a sort of existential dread when logging into popular applications. Implementing Single Sign On (SSO) solutions, wherever possible, can eliminate this frustration by providing the capability to authenticate once and then be authenticated automatically when accessing various resources.

In the enterprise world, an SSO experience is created using password vaults or identity federation protocols such as Kerberos, SAML and OpenID Connect. In the consumer world, federated authentication, a predecessor to SSO, dominates, though consumer-facing password vaults are available, too. When you click the “Sign in with Google” button to log in with your current Google identity, that’s the OpenID Connect protocol extending your Google identity to a new, unaffiliated website, removing the need to create a new identity and log in with a new username and password set.

What’s the key to a universal identity?

If I start a new job tomorrow, can I start accessing the network, VPN and cloud applications using one of my social media accounts? If my new job has implemented an identity broker, then the answer is “Yes!”

Similarly, with an identity broker, you could let your business partners log in to your partner portal using a social identity they already have, saving them the trouble of maintaining a new identity for that service—a worthy cause considering that many breaches are perpetrated by leveraging suppliers’ and partners’ login credentials, as in the Target breach.

An Identity Broker is a system that can support Bring-Your-Own-Identity (BYOI) schemes by taking a user’s existing identity and allowing them to authenticate to unaffiliated websites using that identity. With identity brokering, a single user account can be linked to identities from different identity sources. This is done using protocols such as SAML 2.0 or OpenID Connect specifically set up for a brokering scenario.

In the future, we may see an increasing number of identity providers that support not only isolated enterprise identities but also numerous external identities, such as social media accounts, healthcare smart cards, commercially acquired identities, as well as identities created with off-the-shelf wearables that are embedded with smart card chips. This kind of identity brokering will make our current identity a universal one that is interoperable across our consumer and enterprise lives. This is exactly what the FIDO Alliance is aiming for. Led by industry leaders like PayPal, Microsoft, Google, ARM, Lenovo, MasterCard, Bank of America, and American Express, the alliance hopes that by leveraging PKI authentication, we’ll be able to use the same USB dongle, biometric eyeprint, or mobile device to log in to our bank accounts, access cloud apps and sign in to our social networks.

The need for better protection

Unfortunately, the idea of a universal identity also raises a number of red flags for the average consumer. While credit cards can be easily replaced and fraudulent charges covered, the damage from stolen identities and sensitive personal information is much longer lasting – you end up with across-the-board risk between your user and business life. Unless implemented correctly, a universal identity could be a key target for attacks. Again, this ties back to the need for secure breach strategies – like granular access controls and policies – that better defend data.
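
The account linking an identity broker performs, combined with the granular per-source access policy this section calls for, as an added example that is not from the original post. The issuer URLs, resource names and policy table are hypothetical, and the SAML or OpenID Connect assertion is assumed to have been verified before these functions are called.

```python
from dataclasses import dataclass, field

# Hypothetical granular policy: resources each identity source may reach.
SOURCE_POLICY = {
    "https://idp.corp.example": {"vpn", "cloud-apps", "partner-portal"},
    "https://social.example": {"partner-portal"},
}

@dataclass
class Account:
    account_id: str
    links: set = field(default_factory=set)  # {(issuer, subject), ...}

class IdentityBroker:
    def __init__(self):
        self.accounts = {}      # account_id -> Account
        self.by_identity = {}   # (issuer, subject) -> account_id

    def link(self, account_id, issuer, subject):
        """Bind one external identity to a single broker account."""
        if issuer not in SOURCE_POLICY:
            raise ValueError("untrusted identity source")
        # Key on (issuer, subject): a subject is only unique within its
        # issuer, and an e-mail claim can be reassigned or unverified.
        key = (issuer, subject)
        owner = self.by_identity.get(key)
        if owner is not None and owner != account_id:
            raise ValueError("identity already linked to another account")
        account = self.accounts.setdefault(account_id, Account(account_id))
        account.links.add(key)
        self.by_identity[key] = account_id
        return account

    def authorize(self, issuer, subject, resource):
        """Map a verified assertion to an account and apply source policy.

        Returns the account id, or None when access is denied.
        """
        account_id = self.by_identity.get((issuer, subject))
        if account_id is None:
            return None  # unknown identity: no implicit account creation
        if resource not in SOURCE_POLICY.get(issuer, set()):
            return None  # this identity source may not reach the resource
        return account_id
```

Because the policy is evaluated per identity source, a stolen social login linked to an employee account still cannot reach the VPN in this sketch.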