Why our digital future depends on identity and rebuilding trust

Check out all the on-demand sessions from the Intelligent Security Summit here.


The adoption of a password-free future is being hyped by some of the biggest tech companies, with Apple, Google and Microsoft committing to support the FIDO standard in May. Along with the Digital ID bill reintroduced to Congress in July, we’re poised to take a giant leap away from the password to a seemingly more secure digital future. But as we approach a post-password world, we still have a long way to go to ensure the security of our digital lives.

As companies continue to develop solutions to bridge the gap to a world without passwords, many have prioritized convenience over security. Two-factor authentication (2FA) and multi-factor authentication (MFA) methods such as SMS or email verification – or even the use of biometrics – have emerged as leading alternatives to the traditional username/password. But here’s the catch: Most of these companies validate devices on their own and don’t properly leverage this technology, leaving the door open to bad actors.

The blind spots of biometrics

Businesses that use biometrics claim to use biometric data to secure and simplify account access, but there is an underlying issue. Do they link an account holder’s biometrics to the account itself or the account holder? In many cases, the answer is that they use a combination of both biometric data and older technology. This exposes account holders to account takeovers and other fraudulent activities.

Another problem is that some verification companies use a one-time scan of the account holder’s ID or other publicly issued documents. They then link this data to an existing account that still uses a username/password that the company has. Security experts do not recommend this, as static credentials create a false sense of trust. If a breach occurs, a user’s account remains vulnerable to impersonation and fraud.

Event

Intelligent Security Summit On-Demand

Learn the critical role of AI and ML in cybersecurity and industry-specific case studies. Watch sessions on demand today.

Look here

And then there’s the lack of facial recognition technology, which hasn’t evolved to the point where it can consistently log you into accounts. In recent years, studies have shown that the facial recognition technology behind many verification solutions often fails to recognize women and people of color, unfairly increasing the time it takes to process login requests and potentially blocking people’s access to critical resources.

Verify people, not entities

Today’s security realm uses the approach to validate devices. Biometrics and other security layers — like 2FA/MFA — were never intended to identify the actual person behind the screen, which is a shortcoming.

We know that these online security methods are only effective when you know who is using the device. Suppose someone claims to be you and links their fingerprint to your account, for example. If so, it’s convenient for the bad actor, but a disaster for everyone else.

However, a competing philosophy is emerging: We should validate people and not strictly entities. Multi-Factor Identity (MFI) drives this new security philosophy. MFI fulfills the vision of a secure and passwordless future by knowing the real identity of someone online – the missing link to keeping accounts protected and reducing fraud.

While biometrics and 2FA/MFA are important steps, the future of account security depends not only on them, but on technology that eliminates these issues by verifying people, not devices. The most effective approach would be to pair real-time authentication measures with a publicly issued ID to verify users.

A more human and safe internet

There is a bigger vision here for cyber security, which MFI is helping to achieve. It’s the idea that we can build a more human, safer internet through identity verification – and ultimately a more trusting digital experience.

Today’s online world lacks trust. Going back to the early days of the internet and computing, there was a smaller group and more trusting community where networked computers came together, run by famous people. You could more easily know who someone was and where a password could reasonably protect an account and the user. But as the Internet has grown, that trust has all but disappeared.

And it’s hard to regain trust, whether online or over the phone, without knowing the identity of others. Trust is the most important issue today, especially if we are to fulfill the promise of new digital spaces, such as NFTs, the metaverse and more. Our digital world is massive and growing so fast that the metaverse could push it to breaking point without more reliable ways to identify each other.

We’re excited to see increased adoption of technology that solves the problem of helping businesses trust the identity of their users and unlock faster, more secure account access. MFI can help us get there, rebuild the trust that helped start the internet and now ensure it is sustainable.

Aaron Painter is the CEO and founder of Nametag.

Data Decision Makers

Welcome to the VentureBeat community!

DataDecisionMakers is where experts, including the technical people involved in data work, can share data-related insights and innovation.

If you want to read about cutting-edge ideas and up-to-date information, best practices and the future of data and data technology, join us at DataDecisionMakers.

You may even consider contributing an article of your own!

Read more from DataDecisionMakers

Leave a Reply

Your email address will not be published. Required fields are marked *