Digital identity “for breakfast” at the Digital Breakfast
"Secure, digital and personal identity" was the title of our online breakfast. This morning we focused on identity: why passwords are no longer sufficient protection, and which modern, secure, passwordless procedures are gaining acceptance.
In this article we would like to share the questions and answers from our discussion with you.
Question 1: Passwords are stored as a hash. If criminals get access to my passwords, they can be changed, but biometric features cannot. How can biometrics be secured?
Passwords can now be guessed and misused with little effort in a whole range of attacks. Biometric procedures, by contrast, are far harder to attack, because the biometric data never leaves the end device.
Fingerprint, Face ID on the smartphone, Windows Hello and the other biometric methods of the end device are, and will remain, the biometric authentication methods on the end device. Basically, cidaas requests an authentication, and the end device prompts the user with the biometric procedure that is set up on it. Once the user has successfully confirmed their identity, the end device informs cidaas that the authentication has taken place, and the user is authenticated. cidaas itself only receives this confirmation from the device; it never sees or stores the fingerprint or face data, so there is no biometric template on the server that could be stolen and would then need to be "changed".
Question 2: How secure are device biometrics against cybercrime?
Passwords entered in the browser can be obtained by various attacks such as phishing, credential stuffing and the like, and they are also highly exposed to malware on the end device.
The devices protect these sensitive biometric procedures by means of technically separated, secure areas in the device itself (a secure enclave or trusted execution environment), from which the biometric data and the keys derived from it cannot be read out. These procedures are therefore considerably more secure, especially compared with the attacks used to obtain passwords.
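The flow described in the two answers above, written out as an added example that is not cidaas code: at registration the server stores only a public key, at login the device performs the biometric match locally and returns a signed assertion, and the server checks that assertion. The format follows the FIDO2/WebAuthn assertion (rpIdHash, flags, counter, ECDSA signature over authenticatorData and the client-data hash); whether cidaas uses WebAuthn specifically is an assumption, as are the function names, the relying-party ID example.com and the constructed challenge string.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
)

// Flag bits of the WebAuthn authenticatorData (layout: rpIdHash(32) || flags(1) || counter(4)).
const (
	flagUP = 0x01 // user present: someone interacted with the device
	flagUV = 0x04 // user verified: fingerprint, face or PIN matched ON the device
)

// Credential is everything the server keeps: a public key and the last signature
// counter. No biometric template ever reaches it.
type Credential struct {
	PublicKey *ecdsa.PublicKey
	Counter   uint32
}

// Assertion is what the device sends back after the local biometric prompt.
type Assertion struct {
	AuthenticatorData []byte
	ClientDataJSON    []byte
	Signature         []byte // ECDSA P-256 over SHA-256(authData || SHA-256(clientDataJSON))
}

type clientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

func buildAuthenticatorData(rpID string, flags byte, counter uint32) []byte {
	h := sha256.Sum256([]byte(rpID))
	out := make([]byte, 37)
	copy(out[:32], h[:])
	out[32] = flags
	binary.BigEndian.PutUint32(out[33:], counter)
	return out
}

func signedDigest(authData, clientDataJSON []byte) []byte {
	cdHash := sha256.Sum256(clientDataJSON)
	d := sha256.Sum256(append(append([]byte{}, authData...), cdHash[:]...))
	return d[:]
}

// NewDemoCredential stands in for registration: the device generates a key pair in
// its secure area and hands the server only the public half (assumed demo helper).
func NewDemoCredential() (*ecdsa.PrivateKey, *Credential, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return priv, &Credential{PublicKey: &priv.PublicKey}, nil
}

// SimulateDevice plays the authenticator. userVerified models the result of the
// on-device biometric match; only the signed statement about it leaves the device.
func SimulateDevice(priv *ecdsa.PrivateKey, rpID, origin, challenge string, userVerified bool, counter uint32) (Assertion, error) {
	flags := byte(flagUP)
	if userVerified {
		flags |= flagUV
	}
	authData := buildAuthenticatorData(rpID, flags, counter)
	cd, err := json.Marshal(clientData{Type: "webauthn.get", Challenge: challenge, Origin: origin})
	if err != nil {
		return Assertion{}, err
	}
	sig, err := ecdsa.SignASN1(rand.Reader, priv, signedDigest(authData, cd))
	if err != nil {
		return Assertion{}, err
	}
	return Assertion{AuthenticatorData: authData, ClientDataJSON: cd, Signature: sig}, nil
}

// VerifyAssertion is the server-side check. It never touches biometric data; it
// validates the device's signed claim and the context it was made in.
func VerifyAssertion(cred *Credential, a Assertion, rpID, origin, expectedChallenge string) error {
	var cd clientData
	if err := json.Unmarshal(a.ClientDataJSON, &cd); err != nil {
		return fmt.Errorf("clientDataJSON: %w", err)
	}
	if cd.Type != "webauthn.get" {
		return errors.New("wrong ceremony type")
	}
	if cd.Challenge != expectedChallenge { // binds the assertion to this login attempt
		return errors.New("challenge mismatch")
	}
	if cd.Origin != origin { // the browser fills in the origin, so a phishing page cannot claim ours
		return errors.New("origin mismatch (phishing?)")
	}
	if len(a.AuthenticatorData) < 37 {
		return errors.New("authenticator data too short")
	}
	wantRP := sha256.Sum256([]byte(rpID))
	if !bytes.Equal(a.AuthenticatorData[:32], wantRP[:]) {
		return errors.New("rpIdHash mismatch")
	}
	flags := a.AuthenticatorData[32]
	if flags&flagUP == 0 {
		return errors.New("user presence not asserted")
	}
	if flags&flagUV == 0 { // presence alone (a touch) is not a biometric login
		return errors.New("user verification not asserted")
	}
	counter := binary.BigEndian.Uint32(a.AuthenticatorData[33:37])
	if (counter != 0 || cred.Counter != 0) && counter <= cred.Counter {
		return errors.New("signature counter did not increase (replay or cloned authenticator)")
	}
	if !ecdsa.VerifyASN1(cred.PublicKey, signedDigest(a.AuthenticatorData, a.ClientDataJSON), a.Signature) {
		return errors.New("invalid signature")
	}
	cred.Counter = counter
	return nil
}

func main() {
	priv, cred, err := NewDemoCredential()
	if err != nil {
		panic(err)
	}
	const rpID, origin = "example.com", "https://example.com"
	challenge := "constructed-random-challenge" // a real server draws fresh random bytes per login
	a, _ := SimulateDevice(priv, rpID, origin, challenge, true, 1)
	fmt.Println("biometric on device, fresh challenge:", VerifyAssertion(cred, a, rpID, origin, challenge))
	fmt.Println("same assertion replayed:", VerifyAssertion(cred, a, rpID, origin, challenge))
	a2, _ := SimulateDevice(priv, rpID, origin, challenge, false, 2)
	fmt.Println("presence only, no biometric:", VerifyAssertion(cred, a2, rpID, origin, challenge))
	a3, _ := SimulateDevice(priv, rpID, "https://evil.example", challenge, true, 3)
	fmt.Println("signed on a phishing origin:", VerifyAssertion(cred, a3, rpID, origin, challenge))
}
```

The point to take from the four runs in main: the server decides on a signature, a challenge, an origin and a flag byte, never on a fingerprint. A replayed or phished assertion fails even though the biometric match on the device was genuine, and a mere touch without user verification is rejected because the UV flag is what carries the "biometric happened" statement.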
Question 3: How well accepted are biometric techniques?
Most of our customers currently offer their users passwordless procedures, including biometric ones. Overall, we see growing acceptance of passwordless methods, whether one-time passwords or device biometrics.
Demographic characteristics, especially age, are an influencing factor in the decision for an authentication procedure.
According to our estimates, about 10% of users already use passwordless methods at least occasionally, and this share is rising. The driving force is the convenience on the various end devices, above all smartphones, but in future also smart home devices.
Question 4: What does it look like from the user's perspective? Can I bring my own identity and use my preferred method?
Managing your own identity takes us into a neighbouring area, Self-Sovereign Identity: bringing your own identity with you. The common identity providers for this today are Facebook, Twitter, Office 365 and other social login providers, and further identity providers are increasingly emerging.
Authentication is then performed by the identity the user brings along. What matters across all digital channels, however, is authorization management: what the user has access to and what they are entitled to see. That is why you still need cidaas, which adds login providers in a pluggable way while the authorizations stay under your control.
Question 5: Doesn't the security of biometric procedures suffer when registering with social login?
If a social login is used, the registered user can still set up a further procedure, e.g. Touch ID. From cidaas's point of view, both the social login and the newly set-up Touch ID procedure are then accepted, i.e. both remain valid ways to log in to that account.
Question 6: To what extent do social login providers then have access to the user data?
This cannot be answered in general terms for all providers. In most cases the provider will at least be able to see when a user has authenticated to a platform.
Question 7: How do I relate customer experience to security?
Fundamentally, users trade security for convenience: password rules make passwords understandably hard to remember, so many choose passwords that are easy to remember and reuse them across services.
Customer experience at cidaas means convenience in authentication as well as in registration. For example, B2B customers no longer need to send an e-mail with a name to onboard additional team members; instead the manager, as a delegated admin, manages their employees and their authorizations with the group functionality of cidaas. Procedures the customer already uses internally, such as Office 365, can also be integrated directly into the portal and activated for them.
In any case, we will gladly repeat the session. Feel free to write to us.
You can also find the whole presentation on YouTube.