If you’re on the lookout for the newest trends in digital identity, security, and authentication, you’re probably aware of the IDWA (Identity Week Asia) event. Digital identity experts gather annually at Identity Week Asia to provide updates and insight into the identity landscape.
The virtual event brings vital information to governments, financial institutions, healthcare professionals, and more.
This year, Telesign’s own Abhijit Kulkarni – VP Asia Pacific, spoke on the hour-long virtual panel ‘Strong Authentication Solutions’ alongside other experts in the field, including: Joon Hyuk Lee, FIDO Alliance, Yusuf Khan, Digital Dubai, Jeremy Mendoza, Boehringer Ingelheim, Alok Agrawal, Gojek, and moderated by Catherine Nabbala, Decentralized Identity Foundation.
Below is a recap of the key insightful moments Abhijit brought to the event:
- What businesses are using in response to authentication trends
- With biometric authentication solutions popping up, how should we assure that user info is secure?
- The main reasons mobile authentication is so popular now
- How to make mobile authentication more inclusive
- How to balance security and user experience
What businesses are using in response to authentication trends
It’s no secret that businesses everywhere continue to move online. From customer service to events, the impact of digital presence has never been so prevalent. Given this ongoing shift, businesses must authenticate end users digitally. The current trends of the process show the overall effect it’s having.
“Earlier, everything was password – you had a username and password – but the emerging trends are very clear. One is that people are moving to MFAs. They don’t want to authenticate using a single factor, they want a password with an OTP plus maybe some other factor like a mobile-based authenticator.”
Another authentication trend for businesses is using the digital trail of end users to authenticate identity.
“You’re leaving a digital footprint when you do transactions, communicate, P2P communications, P2B communications, and shopping, and there are attributes associated with those digital footprints. There are a lot of trends where people are using these attributes to authenticate the identity of an end user, which is more frictionless when the end user doesn’t want to remember passwords. From that perspective, the future of authentication is moving towards creating a process that end users don’t have to be involved in.”
With biometric authentication solutions popping up, how can we ensure user info is secure?
Biometrics have become much more mainstream, and even the skeptics have embraced them and now see their potential value. Of course, that doesn’t mean they are perfect.
“The biggest issue I see in biometrics is that it has a security flaw which is your password can be reset, but your biometrics cannot be reset.”
Biometrics, however, is just touching the surface when it comes to securing systems and identifying users.
“Another form of biometrics that is really picking up is behavioral biometrics. For example, you have a sensor in your phone that looks into your behavioral biometrics: How you’re typing, whether you type ‘E’ with your right or left thumb, and how much pressure you’re applying to the screen.”
Ultimately, biometrics has its place in authentication, but it’s clear that it is only a part of the security equation. It needs to be paired with more effective forms of security in order to best serve its purpose.
“A mobile number is the biggest unique identifier for a user. Everybody has a mobile number, and it’s now associated with so many things. If you’re able to verify that phone number with other attributes, and if you’re able to then authenticate end-user basics, along with the biometrics, that will enhance the user experience while increasing security.”
The main reasons mobile authentication is so popular now
Mobile authentication is booming, and there’s more to it than simple phone number verification, as we sometimes forget.
“It’s not only about verifying a number from a telephone, but also to check if the SIM has been swapped in the last 24 hours, or if the transaction volume is higher. You can do multiple checks to establish verification, such as a contact match or name match. So, it has more to do with phone numbers and how you can use them to verify a user’s identity, and that is frictionless – the user doesn’t have to do anything.”
How to make mobile authentication more inclusive
It’s important to extend identity security measures to everyone, including people in locations where affording a mobile phone is difficult. So how can we go about doing this? What are some real solutions to making mobile authentication a more inclusive process?
“If phones are actually penetrating into the rural parts of Nepal, Bangladesh, India, Nigeria, etc. I think it would make more sense for governments to fund these kinds of secure phones for any users, other than getting infrastructure parallel to the mobile ecosystem. Also, there are cheap phones available now.”
How to balance security and user experience
Finally, the one thing we cannot afford to forget in all this talk of identity security is the user experience. Onboarding a customer requires a delicate balance of authentication and ease-of-process.
“The most important thing is this process has to take place during the entire customer lifecycle. When you onboard a customer, you need to identify risk associated with that particular customer. At the same time, it needs to be rechecked time and time again. It can be every month, two months, three months, etc., but you need to reverify and keep on authenticating end users at every level so that you’re able to provide better security, and at the same time a better user experience.”
In the fast-evolving world of digital identity authentication, meetings like IDWA—and experts like Abhijit—help industries around the world stay on top of identity. If you want more information, check out the official Identity Week Asia event page.