This article identifies the friction caused by Multi-Factor Authentication (MFA), but then suggests that the solution that adheres to Zero Trust will require re-onboarding of individuals each time they access an online service; it’s being called Identity-Based Authentication. While this will generate significant revenue for suppliers that validate identity cards and passports, I assume it will infuriate users, or at least the idea infuriates me. Apple, Google, and Microsoft have all agreed to a single approach to biometrics based on FIDO. Please, let’s get this deployed as broadly as possible so we can determine where the vulnerabilities lie before jumping to Identity-Based Authentication:
“Although passwordless authentication is now possible—and a few organizations are equipped to make it happen using the Fast Identity Online Alliance (FIDO2) framework—most of us are stuck with MFA. Yet the news isn’t all bad. More advanced identity frameworks for single-touch MFA and single sign-on (SSO) are emerging and rapidly changing the face of authentication and cybersecurity.
Identity-based authentication (IBA) is at the center of this transformation. It ratchets up protection by conclusively proving the user’s identity rather than allowing a person or device to simply say whom or what it is. At the most secure level, this approach relies on verified sources of identity “proof” (such as a driver’s license, passport or employment card), matches the user through a biometric scan and then issues an authentication key.
If everything checks out, they can access the account. This gives users complete control of their personal information, allowing them to determine what information to share with the various online services they use at the point of access.”
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group