As digital, mobile commerce crescendos, Identity and Access Management (IAM) techniques are key to providing a consistent, individualized experience, regardless of the device used or communications channel employed. Providing secure access from a trusted device was hard enough. Now customers control their device-of-choice, channel-of-choice and time-of-choice. It is important to develop and employ technologies that make authentication friction-free and pleasant.
In this on-demand webcast, Dan Miller, lead analyst at Opus Research, and Brandon Whichard, from IBM Security, provide “Five Concrete Steps” toward keeping each customer happy. Opus Research has coined the term “Intelligent Authentication” (IAuth) to describe simple, secure and seamless ways to authenticate individuals and support digital commerce, including:
- Moving beyond “replacing passwords” for single sign-on: While the goal is to overcome the complexity of multiple username/password combinations for individual sites and services, passwords are not going away any time soon.
- Building apps with IAuth in mind: Communicate the importance of simple authentication to internal staff or third-party developers.
- Taking a multi-factor, multi-layered, risk-aware approach: Security experts tout the use of multiple authentication factors, applied in a multi-layered manner. Experience experts recommend that a rules engine be put in place to determine the level of security to be applied based on what is known about the individual and the nature of the transaction.
- Comparing existing standards (and quasi-standards): You know the old saying, “The nice thing about standards is that there are so many to choose from.” Well, IAuth provides another case in point, with FIDO, the World Wide Web Consortium and a few vendors getting into the act.
- Minding the gaps: There are a number of open issues to tackle. Which biometric is best? Who ultimately serves as the source of claimed identity? What are the privacy considerations? Should matching take place on a device or on a centralized server? How can IAuth be offered at scale?