Delfigo Security - Strong Authentication

  • Increase font size
  • Default font size
  • Decrease font size
Home Strong Authentication
Strong Authentication

Emerging Authentication for Mobile Payments

Mobile payments will become more integrated in the way we shop, buy and sell in the coming years. PCMag published an article this week discussing some of the innovative technologies being brought to the market to authenticate these transactions to to reduce the significant threat of fraud in an area that is growing faster than security technologies are being developed to protect it.

Contactless and and wearables-based authentication methods seem to be likely to be used in this case (as discussed previously in this blog). If the user is wearing their smart watch and tries to make a payment, simply validating that this second device is present makes the watch a kind of token. Niche players will also no doubt begin marketing authentication methods based on image and voice recognition, gesture capture and other data that can be captured about the user and used in an authentication context. 

These methods will be viable in the long run if they take a mobile-centric view of what it means to authenticate an individual. With mobile, many of the traditional authentication methods enterprises rely on will become obsolete, and flexibility/cross platform support will become key requirements as new authentication methods are required to work across an ever increasing number of devices in use. This will create a discussion that centers more around the user themselves (their unique attributes, behaviors, devices, locations...), and what it means to determine whether they are who they say they are. 


How Will Wearables Change Multi Factor Authentication?

Samsung is expanding the capabilities of it's new smartwatch, and making it increasingly compatible with it's other Galaxy devices (smartphones and tablets).

Wearables raise some compelling questions around multi factor authentication, especially where the devices are linked to function as a "team". Will these devices take the place of traditional hardware tokens? A company called Bionym has already launched a wearable device for this purpose, however these developments have the potential to move far beyond yes/no authentication and the device whose sole purpose is to authenticate a user, to contributing to a more nuanced view of who a user really is. When these devices communicate with each other, their mere presence, along with the data they are collecting and processing, create a more in depth view of the user that hasn't been accessible before. Possibly most interesting here are the possibilities for biometric and behavioral data these devices will be able to collect. If your watch can detect your heartbeat and use it as an authentication method for apps on your phone, you as a user have built-in authentication that doesn't require you to consciously do anything it all. 

We will see the newest generation of wearables have an impact in the authentication space, as the data available to determine the identity of the user is made more varied and communication improves across smart devices.



MasterCard Joins FIDO - What Will It Mean?

MasterCard's decision to join the FIDO Alliance has been much discussed since the announcement earlier this month. It is certainly encouraging to see large payment providers commit to FIDOs mission, which is focused on moving beyond usernames and passwords for authentication of end user transactions. 

FIDO's proposed user experience reflects an understanding on their part of the need to offer quick and easy authentication for users, especially in a mobile use case. Authentication cannot take a lot of time, require the end user to remember anything complex, or require the user to navigate multiple screens or to open additional apps. Big players in the space, like MasterCard, joining FIDO shows that there is widespread support for a standard for authentication that acknowledges that best solution will enhance both security and user experience.


Advances in Mobile Authentication

Apple's announcement last week that the upcoming iPhone will have biometric (fingerprint) authentication represents the market's recognition that we need better authentication for our mobile devices - and it should be as easy as possible to use.

Whether Apple's fingerprint feature will catch on - how it will be accepted by users, how well it will work, and what it's ultimate success will be, is not the focus of this post. Authentication and security are taking center stage. Users are realizing that mobile devices are becoming our go-to methods to access critical information (work related applications, banking, social media...) and traditional methods of securing computers - both technical and situational, are no longer relevant. Mobile authentication requires accepting that the user is "mobile". They're in their car or out at lunch. They're on shared networks. They're in crowded spaces. For this use case, successful authentication technology needs to be fast, intuitive, and adaptive. Apple recognizes this - because your finger is part of you, it's always there. A single fingerprint is a quick and easy method of identifying yourself. 

In the coming months we will see the conversation around mobile authentication, and securing mobile apps and activities, continue. Innovative ways to provide better security for mobile will be increasingly adopted, and users will see some of the same advances in authentication that we have seen other areas of mobile technology.


What's Stopping Us From Working in the Cloud?

Despite all the hype we hear about the cloud, working in the cloud might be coming more slowly than most of us imagine. In this post on InfoWorld, Gartner's recent findings that only about 8% of enterprise users are working in the cloud give us a chance to ask: What are the real barriers to adoption of cloud based technology for the enterprise?

It's easy to see that the growing number of mobile users will mean that eventually there will be more work we can do in the cloud, but adoption is slower than many predicted. InfoWorld's article references three barriers to adoption, even with the demand from mobile users, saying: "Even with a mobile boost...the growth of cloud office systems will remain slow for a few reasons. First, PCs and the office productivity software that runs on them are cheap -- and mobile office tools are even cheaper. Second, connectivity issues persist: You're not connected to the Internet all the time, and a metered connection typically costs money. Finally, there are still worries about security and privacy." Garter's Tom Austin, Vice President and Gartner Fellow says "While 8 percent of business people were using cloud office systems at the start of 2013, we estimate this number will grow to 695 million users by 2022, to represent 60 percent." 

As users adopt office systems in the cloud, we will see innovation in the technology that supports them in this move, and addresses the existing concerns organizations have about cost, connectivity and security.


Page 5 of 12