Sopra Steria finds UK citizens want more secu... » London: Sopra Steria has revealed that UK citizens are keener than ever to use digital public servic... World’s top education experts to answer key q... » Education experts, Edtech entrepreneurs and an assortment of thinkers, analysts and administrators f... HAUD gives more value through its Traffic Audit ... » Singapore: HAUD has now established itself as a market leading SMS firewall provider, and through ex... 365squared launches 365analytics » Macau, China: 365squared introduced 365analytics to its portfolio of services. 365analytics is a rea... Checkpoint Systems deploys its EAS Solutions at ... » Checkpoint Systems has announced its partnership in implementing EAS pedestals and deactivation syst... Evander Direct wins commendation for uPVC window... » Evander Direct have been commended for their innovative uPVC cleaning process that dramatically help... Electrical Industries Charity to benefit from pr... » Thousands of pounds are set to be raised for good causes in the electrotechnical industry at the upc... Secure I.T. Environments achieves new internatio... » Data Centre World, London: Secure I.T. Environments Ltd has announced that it has achieved new inter... OKI upgrades wide format with new Teriostar Multif... » Egham: OKI Europe Ltd has launched two new wide format Teriostar multifunction printers designed to ... BSIA members push aggressively for cyber-security ... » BSIA members have pledged to lead the way in cyber-security education, Vigilance can report.



Interview with Andy Kemshall, Technical Director at SecurEnvoy

The last few months have shown that classical authentication methods, based only on passwords, are obsolete because too many passwords were stolen or compromised. Alternatives are authentication using tokens, dynamic passcode and others. These are often unpopular because they require additional effort. In which direction will the user authentication in the coming months and years develop?

User authentication will require two factors, initially this will be a PIN/password (something you know) and your mobile phone (something you own). As smart phones continue to develop the PIN will be replaced with finger print readers built-in to the phone. Future user authentication must be with two factors, something you own and something you are (biometric).

As almost all users carry a mobile phone, it makes it the ideal device to utilise for one of the factors as its already in your pocket. The key to adoption is making the login process easier than a password while leveraging the security of two factors. For example SecurEnvoy have a patent pending solution called “One Swipe” where the user simply enters their PIN or in the future places their finger on the smart phones finger print reader and the phone transfers all the login credentials to your laptop or tablet via a QR Code or later NFC and logs you in without the need to enter your user name, password, passcodes or any other data.

Do you see a difference in authentication technologies for the corporate sector such as the domain registration and authentication in open networks like the Internet, e.g. for online shopping?

No, once a simple to use method that utilizes a mobile phone emerges, there is no reason why this can’t apply to all authentication requirements in all sectors. Users want a simple consistent way to authenticate in all areas of their lifes, even with physical access system users could use their mobile via NFC to access smartlocks. Creditcard payments will become a thing of the past as the mobile phone will essentially take over from the credit cards.

In which areas pure password authentication will prevail in the future despite all the problems?

A password or PIN will only be used as part of a two factor authentication process until the point that users can use their fingerprint on their mobile phone to replace them.

When the backend administration of password resets becomes more expensive than managing two factor authentication systems, the password is dead! Companies such as SecurEnvoy already allow end users to manage their own token device thus automating the life cycle issues associated with mobile phone replacements and is arguably already easier to manage than resetting a password.

In your opinion, what other consequences will arise from new approaches of authentication?

Once user identity is no longer an issue, the internet will become a trusted place with more online commerce, improved business to business communications and a far higher adoption of remote working leading to less transport congestion and a better quality of life. Our love affair with smart phones will ultimately become the future of authentication.