SURVEY: 1 IN 2 BUYERS REQUIRE CSR IN PROCUREM... » Almost half of buyer documents (48 per cent) seen by electrotechnical businesses with turnover above... G4S Africa supports small business development thr... » The latest product in the G4S Deposita range is a smart safe system called mini-pay that holds up to... Commissioner's statement following incident in Man... » This is an utterly appalling attack. My thoughts are with the people of Manchester as they try to co... UPDATE: Policing events in the Capital » Following the horrific terrorist attack in Manchester last night, in which 22 people were killed and... Statement from Assistant Commissioner » Statement from Assistant Commissioner Mark Rowley, Head of National Counter Terrorism Policing: The... Met intensifies policing activities in London fol... » The Metropolitan Police Service (MPS) has increased police numbers and operations across the Capital... OF FOOLS OF THE MIDDLE BELT, ONE NORTH AND PASTORA... » Please visit also: SERIES: BUHARISM AND THE FIERCE URGENCY OF NOW A treat... Home Secretary’s statement on the Manchester attac... » I know that some people will only just be waking up to the news of the horrific attacks in Mancheste... Checkpoint Systems unveils Bug Tag 2 loss preventi... » Checkpoint Systems has announced the launch of Bug Tag 2 – an innovative loss prevention solution th... Edesix launches new head and torso mounted body wo... » Edesix has announced the launch of new head and torso mounted cameras. The X-100 is a side-mounta...




Interview with Andy Kemshall, Technical Director at SecurEnvoy

The last few months have shown that classical authentication methods, based only on passwords, are obsolete because too many passwords were stolen or compromised. Alternatives are authentication using tokens, dynamic passcode and others. These are often unpopular because they require additional effort. In which direction will the user authentication in the coming months and years develop?

User authentication will require two factors, initially this will be a PIN/password (something you know) and your mobile phone (something you own). As smart phones continue to develop the PIN will be replaced with finger print readers built-in to the phone. Future user authentication must be with two factors, something you own and something you are (biometric).

As almost all users carry a mobile phone, it makes it the ideal device to utilise for one of the factors as its already in your pocket. The key to adoption is making the login process easier than a password while leveraging the security of two factors. For example SecurEnvoy have a patent pending solution called “One Swipe” where the user simply enters their PIN or in the future places their finger on the smart phones finger print reader and the phone transfers all the login credentials to your laptop or tablet via a QR Code or later NFC and logs you in without the need to enter your user name, password, passcodes or any other data.

Do you see a difference in authentication technologies for the corporate sector such as the domain registration and authentication in open networks like the Internet, e.g. for online shopping?

No, once a simple to use method that utilizes a mobile phone emerges, there is no reason why this can’t apply to all authentication requirements in all sectors. Users want a simple consistent way to authenticate in all areas of their lifes, even with physical access system users could use their mobile via NFC to access smartlocks. Creditcard payments will become a thing of the past as the mobile phone will essentially take over from the credit cards.

In which areas pure password authentication will prevail in the future despite all the problems?

A password or PIN will only be used as part of a two factor authentication process until the point that users can use their fingerprint on their mobile phone to replace them.

When the backend administration of password resets becomes more expensive than managing two factor authentication systems, the password is dead! Companies such as SecurEnvoy already allow end users to manage their own token device thus automating the life cycle issues associated with mobile phone replacements and is arguably already easier to manage than resetting a password.

In your opinion, what other consequences will arise from new approaches of authentication?

Once user identity is no longer an issue, the internet will become a trusted place with more online commerce, improved business to business communications and a far higher adoption of remote working leading to less transport congestion and a better quality of life. Our love affair with smart phones will ultimately become the future of authentication.