The Authentication Challenge
The correlate of our identity in the digital plane is both a personal and private value as a gateway to an endless universe of applications and services, and its authentication is vital to guarantee the most important pillars for the digital citizen of the 21st century: trust, security and privacy. But for developers, meeting this complex challenge without impairing interaction with products by making them difficult and time consuming is certainly a constant threat.
Dangerous actors who attack organizations and consumers come in many formsfrom small-scale manual efforts to brute force methods that coordinate huge hacker teams with synchronized attacks. The more lucrative the potential payoff, the more time and effort a threat actor is willing to invest.
Six out of ten companies suffer a computer security incident
This spending-reward relationship defines the need for defensive strategies, at a time when, for example, only in the first 90 days of 2021, our platforms detected an average of more than 26,600 passwords breached per day. The proliferation of these ever-evolving online threats, combined with the tendency of users to reuse passwords in their applications and websites, challenges organizations to offer a good product that combines practicality and safety.
Every possible attack for a potential data theft can have far-reaching consequences – on average, today 84% of breaches are attributed to compromised passwords. The impact it has on the credibility and reputation of the company, as well as for internal processes that are threatened.
passwords.jpg
Security and usability
On the other hand, the way in which we manage to improve our strength against attacks also it will allow us to get rid of heavy loads that harm our performance with users. This is reflected in a survey conducted by Auth0 at a global level with more than seventeen thousand users and IT and Marketing decision makers about what are the main frustrations experienced when registering or entering a site or app.
For Argentine users, the most daunting factor is filling in long login or registration forms (48%), followed by the creation of a password that meets certain requirements (47%), and the sharing of private information (46%) end up forming the multiple issues that today discourage the use of apps and pages of all kinds. This leads to an overwhelming majority of consumers reusing passwords for more than one account (86%), one of the bad practices that causes the most identity violations.
Passwords
Pixabay
Turn the page
As evidenced by these results, there is no longer any way to evade the reality that the paradigm that we have been applying since the 70s must changer imperiously. Not only is it not efficient against today’s cybersecurity challenges, it is also impairs our reach and our acceptance by users. If at some point, CIAM was a matter of niche and little considered, that moment is over.
Fortunately, today there are practical and precise ways to know if a user is who they say they are, in addition to demanding something that a user knows, such as a password or another shared secret. We can dynamically incorporate into the login something that a user always has at hand, such as a device, or something that only the user can physically contribute, that is, a biometric quality. A good authentication system implies that the more challenges overcome, the more trustworthy an identity will be, and today we have an offer of methods that complement each other to be able to leave the current panorama behind. But creating a great identity system is about more than adding verification steps, and a proper balance with user experience is complex.
Biometric System.jpg
Courtesy: Safety Notebooks
Verification methods that were developed in recent years are an absolute overcoming of the traditional “username and password”, and allow to analyze multiple risk signals to adjust the process according to the conditions of each company in the face of a constantly changing threat landscape, which is far from disappearing. In that sense, we are in a position to say that we already have the tools to move towards a “passwordless” model that it is replicated in more and more platforms, and that it only depends on the ability to prioritize CIAM for the first time.
Actually, the future has arrived, and with that thought we have to act for a change of perspective that involves use multilevel methodologies to detect attacks proactively rather than reactively, taking a fundamental step in the digital transformation where security leads all industries into the future, today.
CTO and co-founder of Auth0
Source From: Ambito
