| 03 November 2014
Interview with Andy Kemshall, Technical Director at SecurEnvoy
The last few months have shown that classical authentication methods, based only on passwords, are obsolete because too many passwords were stolen or compromised. Alternatives are authentication using tokens, dynamic passcode and others. These are often unpopular because they require additional effort. In which direction will the user authentication in the coming months and years develop?
User authentication will require two factors, initially this will be a PIN/password (something you know) and your mobile phone (something you own). As smart phones continue to develop the PIN will be replaced with finger print readers built-in to the phone. Future user authentication must be with two factors, something you own and something you are (biometric).
As almost all users carry a mobile phone, it makes it the ideal device to utilise for one of the factors as its already in your pocket. The key to adoption is making the login process easier than a password while leveraging the security of two factors. For example SecurEnvoy have a patent pending solution called “One Swipe” where the user simply enters their PIN or in the future places their finger on the smart phones finger print reader and the phone transfers all the login credentials to your laptop or tablet via a QR Code or later NFC and logs you in without the need to enter your user name, password, passcodes or any other data.
Do you see a difference in authentication technologies for the corporate sector such as the domain registration and authentication in open networks like the Internet, e.g. for online shopping?
No, once a simple to use method that utilizes a mobile phone emerges, there is no reason why this can’t apply to all authentication requirements in all sectors. Users want a simple consistent way to authenticate in all areas of their lifes, even with physical access system users could use their mobile via NFC to access smartlocks. Creditcard payments will become a thing of the past as the mobile phone will essentially take over from the credit cards.
In which areas pure password authentication will prevail in the future despite all the problems?
A password or PIN will only be used as part of a two factor authentication process until the point that users can use their fingerprint on their mobile phone to replace them.
When the backend administration of password resets becomes more expensive than managing two factor authentication systems, the password is dead! Companies such as SecurEnvoy already allow end users to manage their own token device thus automating the life cycle issues associated with mobile phone replacements and is arguably already easier to manage than resetting a password.
In your opinion, what other consequences will arise from new approaches of authentication?
Once user identity is no longer an issue, the internet will become a trusted place with more online commerce, improved business to business communications and a far higher adoption of remote working leading to less transport congestion and a better quality of life. Our love affair with smart phones will ultimately become the future of authentication.