Overview#Maverick Research The Death of Authentication is an article from Gartner by Bob Blakley
Bottom Line#Authentication is a bad technology: It's expensive to implement, it's hard to use, it's too easy to subvert or circumvent, and it fails more and more frequently and more and more spectacularly in today's increasingly risky electronic environment.
Until recently, there was no alternative, but now there is: Enough personal information exists in electronic form that we can move from authentication to recognition — and we will.
Context#A large number of recent incidents — characterized in the press and the security community as privacy breaches — are trying to teach us that a tremendous amount of information about people and their activities exists in the electronic world. We can use that information for evil purposes (e.g., to invade people's privacy), or we can ignore it — but we can also use it to improve peoples' online experiences.
- Authentication has never worked very well, and it's degrading quickly in effectiveness.
- Until recently, no alternative to authentication existed when we wanted to gain any degree of confidence in peoples' identities.
- The explosion of online data about people and their actions gives us a new option: recognition.
- Recognition is how we identify people in the real world, and we've already started to do it in the electronic world — albeit mostly in low-assurance scenarios.
- Enterprises will move from authentication to recognition over the next decade.
- The change will be gradual, and the two solutions will coexist for several years.
- Authentication vendors need to start preparing for the shift now.