Authentication

Identity Authentication

Providing unique evidence of ownership

Formally

The process of determining that one is transacting with the same entity iteratively over time.

Simply put

How do we know it’s still you?

Status quo authentication processes

There are multiple methods for conducting online authentication procedures, many of which involve multiple factors: combining something the user knows (like a password), something the user has (a device or credential), something the user is (a biometric marker like a fingerprint or iris scan), or something the user does (behavioral biometric analysis).

The classic example of authentication on the internet is the ubiquitous username and password. When a customer logs into her bank account, her financial institution needs to know that the person accessing the account is, in fact, the account’s owner. Logging in with a username and password is one means of indicating to the institution that it is dealing with the same person in each transaction. Note that authentication does not necessarily require verification – that is, for standalone authentication procedures the particular identity attributes of the entity being authenticated aren’t being examined, as long as the authenticator can confirm that the entity is identical across transactions.
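The distinction between authentication and verification can be shown in code. The sketch below is an added example, not part of the original page: a relying party enrolls an entity under an opaque handle, checks no identity attributes, and later confirms only that the same entity has returned. The class and function names are hypothetical, and the secret is assumed to be handed over securely at enrollment.

```python
import hashlib
import hmac
import secrets


class Authenticator:
    """Relying party: stores an opaque handle and a key, no identity attributes."""

    def __init__(self):
        self._keys = {}      # handle -> secret shared at enrollment
        self._pending = {}   # handle -> outstanding one-time challenge

    def enroll(self):
        # First transaction: nothing about who the entity is gets checked.
        handle = secrets.token_hex(8)
        key = secrets.token_bytes(32)
        self._keys[handle] = key
        return handle, key

    def challenge(self, handle):
        nonce = secrets.token_bytes(16)
        self._pending[handle] = nonce
        return nonce

    def verify(self, handle, response):
        # pop() makes each challenge single-use, so a captured response
        # cannot be replayed in a later transaction.
        nonce = self._pending.pop(handle, None)
        key = self._keys.get(handle)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def respond(key, nonce):
    """Entity side: prove possession of the enrollment secret."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def demo():
    rp = Authenticator()
    handle, key = rp.enroll()
    proof = respond(key, rp.challenge(handle))
    same_entity = rp.verify(handle, proof)   # same key holder as at enrollment
    replayed = rp.verify(handle, proof)      # challenge already consumed
    fresh = rp.challenge(handle)
    impostor = rp.verify(handle, respond(secrets.token_bytes(32), fresh))
    return same_entity, replayed, impostor
```

The authenticator never learns a name, address or any other attribute; a successful check means only that the party answering now holds the secret issued at enrollment.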

The problem with the status quo

Historically, key limitations of authentication systems have been driven by encryption standards more broadly. Prior to the advent of public key cryptography in 1976, most secure message transfer was accomplished by means of symmetric encryption protocols. In other words, the transacting parties had to establish a relationship and a secret key ahead of time. As the number of entities grew, this became impractical to scale. Public key infrastructure (PKI) grew out of the necessity to scale the establishment of trust. A common approach has been the use of trusted third-party certificate authorities, thus centralizing the system. Decentralized authentication through protocols such as the PGP Web of Trust continued to exist, but faced barriers to scale that prevented widespread adoption in consumer applications.

Security and user experience are the twin primary concerns with most authentication procedures, and the two are often inversely related in legacy centralized systems. As people access more disparate services online, it is increasingly convenient for them to reuse passwords across service providers. Various studies report that between 70% and 90% of consumers reuse passwords. This erodes security for individuals, whose personal information is more likely to be compromised, and leads to enormous costs for institutions in the form of theft or compliance fines. More secure technologies for alternative authentication exist in various stages of development (multifactor authentication, biometrics, and behavioral analytics, to name a few), but can be less convenient for users and difficult for companies to adopt. Advanced biological and behavioral biometrics have also tended to provoke privacy concerns in some markets. Improving both security and user experience simultaneously is the primary driver for much of the technological innovation for this use case.

The ability of distributed ledger technology to tackle the scale problem of decentralized authentication has been a key area of focus for many technologists.

Work with us

OWI is an independent advisory and digital strategy consultancy that can help you generate actionable market and business insights.