Join top executives in San Francisco on July 11-12, to hear how leaders are integrating and optimizing AI investments for success. Learn More
The adoption of a password-free future is hyped by some of the biggest tech companies, with Apple, Google, and Microsoft committing to support the FIDO standard this past May. Along with the Digital ID Bill reintroduced to Congress this past July, we’re poised to take a giant leap away from the password to a seemingly more secure digital future. But as we approach a post-password world, we still have a long way to go in ensuring the security of our digital lives.
As companies continue developing solutions to bridge us to a passwordless world, many have prioritized convenience over security. Methods of two-factor authentication (2FA) and multi-factor authentication (MFA) such as SMS or email verification — or even the use of biometrics — have emerged as leading alternatives to the traditional username/password. But here’s the catch: Most of these companies are validating devices alone and aren’t properly leveraging this technology, leaving the door open for bad actors.
The blind spots of biometrics
Companies employing biometrics claim to use biometric data to secure and simplify account access, but there is an underlying question. Are they tying an account holder’s biometrics to the account itself or the account holder? In many cases, the answer is they use a combination of both biometric data and legacy technology. This exposes account holders to account takeovers and other fraudulent activities.
Another issue is that some verification companies use a one-time scan of the account holder’s ID or other government-issued documents. They then link that data to an existing account that still utilizes a username/password, which the company holds. Security experts don’t recommend this, as static credentials create a false sense of trust. If a breach occurs, a user’s account is still susceptible to impersonation and fraud.
Join us in San Francisco on July 11-12, where top executives will share how they have integrated and optimized AI investments for success and avoided common pitfalls.
And then there is the shortcoming of facial recognition technology, which hasn’t advanced to the point that it can consistently log you into accounts. In recent years, studies have shown that the facial recognition technology behind many verification solutions frequently fail to recognize women and people of color, unfairly prolonging the time it takes to process login requests and potentially blocking people’s access to critical resources.
Verify people, not devices
Today’s security realm uses the approach of validating devices. Biometrics and other security layers —such as 2FA/MFA — were never intended to identify the actual person behind the screen, which is a shortfall.
We know that these methods for online security are only effective when you know who is using the device. Suppose someone claims to be you and links their fingerprint to your account, for instance. In that case, it’s convenient for the bad actor but a disaster for everyone else.
However, a competing philosophy is emerging: We should validate people and not strictly devices. Powering this new security philosophy is Multi-Factor Identity (MFI). MFI fulfills the vision of a secure and passwordless future by knowing the real identity of someone online — the missing link to keeping accounts protected and reducing fraud.
While biometrics and 2FA/MFA are important steps, the future of account security does not rely solely on them, but on technology that eliminates these problems by verifying people, not devices. The most effective approach will be pairing real-time authentication measures with a government-issued ID to verify users.
A more human and safe internet
There’s a larger vision here regarding online security, which MFI is helping reach. It’s the idea that we can build a more human, safer internet through identity verification — and eventually, a more trusting overall digital experience.
Today’s online world lacks trust. Going back to the early days of the internet and computing, it was a smaller group and more trusting community where networked computers came together, operated by known people. You could more easily know who someone was and where a password could reasonably protect an account and the user. But as the internet has grown, that trust has virtually disappeared.
And it’s difficult to gain that trust back, whether online or over the phone, without knowing the identity of others. Trust is the paramount issue today, especially if we are to fulfill the promise of emerging digital spaces, such as NFTs, the metaverse, and more. Our digital world is massive and growing so rapidly that the metaverse could push it to a breaking point without more trusted ways to identify each other.
We’re excited to see increased adoption of technology that solves the problem of helping companies trust the identity of their users and unlocking faster, more secure account access. MFI can help us get there, rebuilding the trust that helped start the internet and now ensuring that it is sustainable.
Aaron Painter is CEO and founder of Nametag.
Welcome to the VentureBeat community!
DataDecisionMakers is where experts, including the technical people doing data work, can share data-related insights and innovation.
If you want to read about cutting-edge ideas and up-to-date information, best practices, and the future of data and data tech, join us at DataDecisionMakers.
You might even consider contributing an article of your own!