Maverick Research: The Death of Authentication is an article from Gartner by Bob Blakley.

Bottom Line

Authentication is a bad technology: It's expensive to implement, it's hard to use, it's too easy to subvert or circumvent, and it fails more and more frequently and more and more spectacularly in today's increasingly risky electronic environment.

Until recently, there was no alternative, but now there is: Enough personal information exists in electronic form that we can move from authentication to recognition — and we will.


A large number of recent incidents — characterized in the press and the security community as privacy breaches — are trying to teach us that a tremendous amount of information about people and their activities exists in the electronic world. We can use that information for evil purposes (e.g., to invade people's privacy), or we can ignore it — but we can also use it to improve people's online experiences.


  • Authentication has never worked very well, and it's degrading quickly in effectiveness.
  • Until recently, no alternative to authentication existed when we wanted to gain any degree of confidence in people's identities.
  • The explosion of online data about people and their actions gives us a new option: recognition.
  • Recognition is how we identify people in the real world, and we've already started to do it in the electronic world — albeit mostly in low-assurance scenarios.
  • Enterprises will move from authentication to recognition over the next decade.
  • The change will be gradual, and the two solutions will coexist for several years.
  • Authentication vendors need to start preparing for the shift now.


Authentication is everywhere, but it's sick, and it's going to die. It's going to be replaced by recognition — which is the way humans recognize each other in the real world. But the move to recognition will be gradual, and it will require that we pay significant attention to privacy.

