Retrospect: What Happened in Identity Management in 2020
Identity management has been changing drastically for several years due to digitalization and a rapid increase in the number of digital services. There are constant innovations, ideas and new developments in this area to delight users with more convenience, to protect them and the systems more effectively, and even occasionally a development driven by the market powers as well.
However, especially in the last year, with the beginning of the pandemic, digital services gained enormous relevance in order to continue to reach the customer. But topics such as data protection were also very much on the agenda.
A short pickup: Identity and Access Management is used in the enterprise environment as well as in the customer environment. This realizes convenience with features like single sign-on and passwordless authentication, as well as federated identity and security through multi-factor authentication or fine-grained rights, role, and group management.
Let’s start our journey with 2020 and what impact it had on Identity Access Management.
- February 2020
Farewell to password change constraints
The BSI is revising the IT Baseline Protection Compendium and saying goodbye to the recommendation to change passwords regularly. Simultaneously, it removes the requirement for fixed rules for password length and complexity as well. - March 2020
Apple’s ID and iOS 13 SDK become mandatory.
Apple has warned that from the end of April it will only accept iPhone apps and updates created with the latest SDK. “Sign in with Apple” is also mandatory.
“Sign in with Apple” has simplified the process of creating new accounts; on Apple devices, biometric authentication is sufficient. No new passwords or confirmation emails need to be assigned, and there’s no need to share your email address. Apple emphasizes that no data is collected for tracking or profiling by using the service. - June 2020
Safari supports WebAuthn
Login without password: Apple brings Face ID and Touch ID to the web. iPhone, iPad and Mac users will be able to log in to web services via biometrics in the future. The FIDO Alliance hopes for a quick rollout. - July 2020
GitHub has announced that it will rely entirely on token-based authentication in the future. From November onwards at the latest, it will no longer be possible to log in to the REST API with a name and password. Probably starting in summer 2021, developers will need tokens for all GitHub actions that require authentication.
Joining the Alliance for Cybersecurity
cidaas has joined the Alliance for Cybersecurity as a member! Since mid of July cidaas is part of the Alliance for Cybersecurity.
cidaas in the OpenID Foundation!
cidaas joins the OpenID Foundation as a Corporate Member, giving it the opportunity to influence the future of identity management and help shape specifications as a member of one of the leading organizations. - September 2020
The European Cyber Security Month (ECSM) of the European Union Agency for Cyber Security ECSM (European Cyber Security Month) took place again.
ECSM offered great activities to inform citizens and organizations about current risks and measures in the fight against cybercrime. cidaas participated with a free webinar on Smart MFA: Multi-factor authentication with convenience and security. - November 2020
cidaas launches “Bye bye password initiative!”
As part of the initiative “Bye bye password! The Future of Login,” cidaas is launching a passwordless authentication initiative. The campaign page is now available at www.tschuesspasswort.de zu finden.