printer friendly version

Identity and authentication

Identity authentication is a crucial aspect of both physical and cybersecurity. In this feature, SMART Security Solutions asks three companies for insight into the latest developments.

Identity management and authentication have always played a crucial role in security, ensuring that only authorised individuals can enter a building or access digital assets. Adding the myriad cloud computing and general internet services available to businesses and individuals today, only serves to exacerbate the challenge of knowing who you are dealing with and transacting with.

The importance of identity management (IDM) and identity authentication (IDA) has further escalated due to the rise in crime in both physical and digital realms, as well as the increasing use of artificial intelligence (AI) to bypass the security measures that companies implement.

IDA is not only a business issue, as individuals are victims of fraud and various crimes when they, or the companies they trust, lose sensitive information. The POPIA Act in South Africa was developed to safeguard sensitive information. Still, the Information Regulator only gets involved once the damage is done, and no matter how steep the sanctions may be, the information that should have been protected is out in the wild and accounts and identities are compromised.

Everyone has been and is subjected to some form of identity authentication, especially those who bank online or set up passwords for other online or mobile services. Put simply, IDA is similar to a digital handshake that confirms you are who you say you are – and this is where the risk comes into play.

The most common IDA mechanism is the much-abused password. Some (old) measures to improve security involved asking preset questions that only the real user would supposedly know (your dog’s name, for example). Naturally the additional security provided by a set of questions is, to be polite, questionable.

More recently, biometrics became popular as they combine convenience with additional security, especially when transacting on mobile devices. But there are still security and user issues with biometrics, which led to the introduction of two-factor authentication (2FA) and multi-factor authentication (MFA), combining something you know (like a password) with something you have (like a phone) and/or something you are (biometrics).

In this year’s handbook, SMART Security Solutions asked three companies involved in the identity market to expand on the progress and challenges of IDM and IDA, and how they are addressing the market. To avoid including all the responses in an excessively long and complex article, we split the answers into separate articles which follow this introduction, one of which will be online due to space restrictions.

The FIDO Alliance

This feature refers to the FIDO Alliance. We include this brief explanation for anyone unfamiliar with the organisation’s work.

The FIDO Alliance is an open industry association focused on reducing the world’s reliance on passwords. To accomplish this, the FIDO Alliance promotes developing, using, and complying with authentication and device attestation standards.

The FIDO Alliance aims to change the nature of authentication with open standards for phishing-resistant sign-ins with passkeys that are more secure than passwords and SMS OTPs, simpler for consumers and employees to use, and easier for service providers to deploy and manage. The alliance also provides standards for secure device onboarding to ensure the security and efficiency of connected devices operating in cloud and IoT environments.

The FIDO Alliance currently has published three sets of user authentication specifications for simpler, stronger authentication: FIDO Universal Second Factor (FIDO U2F), FIDO Universal Authentication Framework (FIDO UAF) and FIDO2, which includes the W3C’s Web Authentication (WebAuthn) specification and FIDO Client to Authenticator Protocol (CTAP). The alliance also has a specification for secure onboarding of edge and IoT devices (FDO). The specifications are open and free

for global use. Find out more about the FIDO Alliance at https://fidoalliance.org/

Links to the articles

• Federated identity orchestration.

• Managing identities for 20 years.

• Balancing security and ease-of-use.

Share this article:

Further reading: