This week at Identiverse 2019 has been interesting: I have had a lot of discussions around passwordless technology. While I was unable to attend, I’ve also heard several people discuss a phrase from Thursday morning’s keynote: “It’s magic.” The idea behind this phrase is that modern authentication should largely just work – in the background and invisible to the user. Renowned author of 2001: A Space Odyssey, Arthur C. Clark, seems to agree with this sentiment, when he said, “Any sufficiently advanced technology is indistinguishable from magic.”
This vision has been realized by many of SecureAuth’s customers, who have implemented our adaptive risk checks and passwordless technology. The good news is that no feats of sorcery are needed to deploy risk-based adaptive authentication. SecureAuth SaaS identity and access management platform is easy to deploy across AWS cloud or hybrid environments and contains the broadest set of adaptive authentication risk checks in the industry. All of which happen behind the wizard’s curtain.
Password complexity solves nothing
I spoke to some of this during my Master Class sessions this week, when I delved into the history of American Prohibition and applied it to modern passwordless and adaptive authentication technology. Some of the same problems we encounter today were encountered by the proprietors, doormen and patrons of 1920s speakeasies. There was no magic inherent to accessing a speakeasy – the process was as broken as passwords continue to be today. Some deeper thoughts:
- Passwords are, and have long been, insecure. Speakeasies used password access 90 years ago and this process was easily defeated.
- Passwords are easily forgotten. Humans are not always great at remembering things. Complex passwords are not conducive to easy recall.
- Passwords are easily stolen. Some speakeasies resorted to issuing membership cards because the passwords would proliferate too quickly.
- Passwords are just frustrating. Complex passwords must be created or issued, remembered by the user, reset when they are stolen or forgotten, or periodically changed due to policy.
Passwordless authentication is a security layer cake
Passwordless authentication is no illusion. It protects organizations from phishing attempts and eliminates the password reuse threat around stolen credentials. It also generally improves user experience. While passwordless technology is an emerging technology currently being developed by a multiple vendors, it generally combines:
- Multi-layered risk analysis that evaluates device, geolocation, IP address reputation, phone number reputation, and user behavior
- Strong multi-factor authentication methods
- Biometrics and hardware authentication keys
While no magician reveals their secrets, adaptive risks checks and machine learning are how this is accomplished – and no one has more than SecureAuth. In fact, Gartner’s Magic Quadrant for Access Management, Worldwide June 2018, says that SecureAuth has “the broadest set of adaptive access features” among all vendors covered in the report. The result is a unique balance of strong security and user experience – the holy grail of passwordless authentication across workforce and consumer use cases.
That is truly magic.