The three main growing trends in authentication are biometrics, mobile authentication, and risk-based authentication.
Proving your identity with Biometrics means using “something you are” to authenticate yourself. The adoption has been steep over the last few years and it is for good reason. It is a strong barrier to credential theft and the only authentication factor that provides ‘proof of presence’ and ‘non-repudiation’. The types of biometrics include:
- Facial recognition
- Voice recognition:
- Iris recognition
- Behavioural biometrics - includes identifying factors like typing style, swipes on a mobile device, dwell time, and technical identification.
Very popular in day to day usage is fingerprint as desktop readers are easily available and more cost-effective than other forms and incorporated in many mobile devices.
Device manufacturers have certainly engaged with higher levels of mobile authentication. The latest authentication solutions can integrate with both on-device and other factors to authenticate their users over several platforms including:
- Secure mobile apps; features such as SDKs and secure enclaves.
- Mobile push notifications that let you authorise with a swipe.
- Fingerprints and facial recognition biometrics.
- One-time passwords sent via SMS.
- The emerging FIDO 2.0 architectural standard in mobile.
In addition to traditional factors (what you have, are and know), more and more IAM platforms are moving to a risk-based factors. This cleverly evaluates how people are trying to access your systems and data using contextual risk factors such as their time, velocity, location, and behaviour. Factors such as what you do, where you are and when you act can be incorporated into a risk-based authentication approach.