As proven by the recent buzz around Heartbleed bug, security breach is a vivid threat for most companies as well as individuals. Nevertheless, as far as identification and authentication are concerned, not much has changed over the past decades. The current technological progress in sensors, and more generally in connected devices, could reverse this situation.
Most individuals rely on one-factor authentication to ensure data security, they create various passwords and PIN codes to preserve their privacy. Most companies use both one-factor and two-factor authentication. The latter one means that users need a token or a smart card, in addition to the passwords, to access the services. But more and more entities turn to three-factor authentication, an even stronger authentication.
According to the European Central Bank, strong authentication is a procedure based on the use of two or more of the following elements– categorized as knowledge, ownership and inherence:
(i) Something only the user knows like a password or a personal identification number;
(ii) Something only the user possesses like a token or a mobile phone;
(iii) Something the user is, like a biometric characteristic. In addition, the elements selected must be mutually independent, i.e. the breach of one does not compromise the other(s).
At least one of the elements should be non-reusable and non-replicable (except for inherence), and not capable of being surreptitiously stolen via the Internet. The strong authentication procedure should be designed in such a way as to protect the confidentiality of the authentication data.
Strong authentication is not new, but the rise of wearable devices and the technology progress made on sensors open new doors for strong authentication. At the moment, strong authentication is essentially used in the IT sector to secure the access to corporate networks. We can think of more mainstream uses of such devices than just corporate security. For instance, mobile payment providers & airlines could benefit from it since one of their hurdles is to check their users’ identity.
New opportunities attract new players which are all developing innovative solutions to enable stronger authentication. Below are two examples:
Ionosys, one of French Tech Hub’s clients, presented its solution at CES 2014 in Las Vegas. Ionosys has developed a smart watch where you can record all your passwords (from building entry security system to mail box). The watch uses fingerprint identification to unlock its data.
Bionym and their Nymi wristband goes a step further in leveraging the potential of biometric characteristics. The Nymi measures a user’s heartbeat, and uses that to verify their identity and then perform various handshake operations to make it easier to login to software, customize settings and manipulate connected devices. According to Bionym, the ECG authentication is almost as accurate as the fingerprints.
We can be sure that more and more startups and corporations will explore the path to stronger authentication solutions.