- 2019 will see the consolidation of multi-factor authentication
As users have grown increasingly weary of creating endless online profiles (86% report abandoning purchases when asked to register with commercial websites) they have also grown increasingly wary of doing so, following a steady stream of stories on hacked passwords and consequent data breaches. With more than 53,000 cybersecurity incidents occurring across 65 countries in the year to Q2 2018, consumers have clear cause for concern; and the traditional norm of username-and-password logins is due much of the blame.
Increasing the number of factors for hackers to compromise, while limiting the number of things users need to remember, then, seems a win-win solution. Consumers can make payments and access services using, for instance, something they know – like a single PIN – in conjunction with something they are, via a biometric scan. Even here, however, there are risks to consider: over the course of 2019, hackers will increasingly seek to exploit vulnerabilities in biometric authentication too. Biometric is regarded as perhaps the most secure of all the mainstream forms of authentication while it is secure; once it is compromised, however, it is lost forever, as it cannot then be revised.
- Multi-factor authentication will force the industry to come up with a standardised solution easy for the consumer
The challenge for 2019 will be in forming, from the various possibilities of multifactor authentication, something approaching an agreed norm. “Only using a password to authenticate is increasingly leaving us open to phishing and other attacks,” explains security expert Susan Bradley. “But the fact that all the vendors are implementing different systems to authenticate means I’m being driven slightly crazy with all of the two-factor authentications I’m having to manage. It won’t be better until a more standardized process is settled on.” The direction of travel for passwords is clear – they are steadily becoming obsolete – but the digital world is yet to settle on a consolidated approach which avoids adding further headaches for the user.
The mobile industry’s answer for the coming year is that the strongest solution is one that pairs something simple for users to remember with something which they have on their person as a matter of course – like an iris of fingerprint, but which can be quickly changed if necessary. The industry’s collaborative solution Mobile Connect does so by matching users with their mobile device and requiring them to recall only a single PIN, both of which can be easily replaced in the unlikely event of both becoming compromised.
- The industry will see a technical revolution in the way that identity is gathered from the consumer
Market research indicates nearly 9 in 10 users would prefer to recall only a single strong login, and the range of industries in which this proves the case grows constantly; most recently, the need for secure but convenient multifactor authentication has become apparent in online gaming. “In 2019, we will see a more concerted effort to replace the password solution altogether”, predicts Malwarebytes CEO Marcin Kleczynski; the question now is what the market will choose for the principal replacement. Much work is being done to upgrade biometric scanners and make them more economical for mass deployment on consumer devices, which is to be welcomed; it is difficult to see at least in the immediate term, however, how this can surpass the cost-efficiency and convenience of pairing users with their devices themselves. The winner of that contest will enable the confidence in eCommerce, and the sustainable growth of it, that all concerned parties want to see.