Who would have dreamed – even ten years ago – how many ways we’d have to authenticate users in 2017? While passwords and tokens were the foundation of identity and access management for many years, today there’s an array of options to choose from: multi-factor authentication (MFA), standards-based solutions, biometrics and smartphone-based authentication - just to name a few.
This growing list of authentication options should come as no surprise considering the rapid rate at which applications are moving to the cloud and users are embracing mobile devices. These behavioral and organizational shifts are driving authentication methods in two directions: toward more convenient access to please users and toward more secure access to satisfy IT security teams.
With that context, here are the latest authentication trends you should know about:
Modern methods for modern workstyles. Organizations have more multi-factor authentication choices than ever so they can offer users more flexibility to meet their changing needs. What’s next? Watch the growing trend toward dynamic, frictionless solutions that automatically know who you are based on contextual clues and behavioral access patterns, while still providing a high level of identity assurance. Certified interoperability with on-premises and cloud apps will also become increasingly important as the number of applications grows.
SSO keeping pace with growth in cloud and mobility. The need for user convenience is growing in proportion to the tremendous growth in the number of systems and applications users need. You can’t expect people to remember hundreds of unique passwords and that’s why many organizations are betting on single sign-on (SSO). But SSO is only effective if organizations have the assurance that those who request access are who they say they are. Don’t be surprised to see more SSO providers partnering with security and authentication specialists to deliver solutions that use advanced analytics to increase security and transparency.
Standards-based authentication. Several emerging open standards and protocols for multi-factor authentication are making it possible to meet diverse user needs and still have consistent integration processes and user experiences across systems, devices and apps. For example, you can have a different type of authentication method for an employee who routinely accesses lower-risk applications than for a privileged user, but you can employ the same standards and protocols to incorporate and administer both.
Biometrics that live up to the hype. You can’t really blame some for thinking, “I’ll believe it when I see it,” when it comes to biometrics becoming a commonly used method for enterprise authentication. Providing a fingerprint or eyeprint may be easy for the user, but getting to this point has historically been costly and a complex challenge for enterprises to solve. Today; however, with a maturing ecosystem of biometric-ready smartphones - coupled with the adoption of open standards - the stars finally seem to be aligning for broader adoption of biometrics.
Device-level trust. Smartphone-based authentication is becoming increasingly popular, but it still poses challenges. Sure, you can use advanced authentication tools such as biometrics to provide assurance that the phone’s owner is the one using the phone, but how do you know if the phone itself can be trusted? We’re seeing phone manufacturers continuing to work to establish a verifiable ID that will enable organizations to feel more confident about extending trust to a device.
The increased popularity of enterprise mobile applications only heightens the need for a consumer-simple experience—one that provides access control commensurate with the risk of a given transaction. MFA, SSO, authentication standards, biometrics and smartphones will each continue to play a role as the market moves toward risk-aware authentication.
What does your authentication future look like? Take a deeper dive into these and other user authentication developments in this new eBook, User Authentication Trends 2017 and give some thought to where you want to take your identity and access strategy when it comes to better protecting your most critical data while enabling users to quickly and easily access what they need from anywhere, at any time.
Author: Tony Karam
Category: RSA Point of View, Blog Post
Keywords: Authentication, Authentication Methods, Modern Authentication, Multi-Factor Authentication, MFA, RSA SecurID, Single Sign-On, Biometrics