FB pixel

Digital identity gets mediocre marks in annual progress report

| Chris Burt
Categories Biometrics News  |  Mobile Biometrics  |  Trade Notes
Digital identity gets mediocre marks in annual progress report
 

Internet of Things devices are largely unsecure and challenging or impossible to harden, and a skills shortage remains, but progress is being made towards the possible elimination of passwords, according to the 2019 Digital Identity Progress Report from cybersecurity publication Infosec Pro.

The report notes that many of the internet’s top sites are now offering multi-factor authentication, but passwords are still required as the first step.

“(E)nd user education and familiarity with something other than a password during login, must surely be the first steps to getting ridding of them entirely,” the report says, giving “Passwordless” a B- grade. “2018 also saw the rise of WebAuthn – the W3C standards based (sic) approach for crypto based challenge response authentication. Could this hopefully accelerate adoption to a password-free world?”

API Protection is given a C+, as fine-grained controls, token revocation, and rotation are not yet mature, according to the report. Microservices protection gets a B-, with side car and inflight/proxy approaches to traffic introspection and security enforcement, as well as stateless OAuth2 identified as reasons for optimism.

IoT security gets a C-, as default credentials, hard-coded keys, un-upgradeable firmware, lack of support for HTTPS or access token storage are all very common. Infosec Pro gives User Consent Management a B-, citing GDPR, but also points out that consent is often a simple matter of box-ticking as a public relations measure, and wonders: “will the end user be ever truly in control of their data?”

The report concludes that each area could improve by a grade in the next 18 to 24 months, with improving knowledge, standards maturity, and technology. The skills shortage that applies generally to cybersecurity is also a challenge for digital identity, however, and with new threats emerging and a need to balance security against usability, improvement is far from guaranteed.

Industry experts recently showed a similar mix of concern and optimism in sharing their thoughts on the online identity landscape.

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

Growing role of biometrics in everyday life demands urgent deepfake response

Biometrics are becoming more entrenched a couple of market segments, though not as fast as some would like. The top…

 

PNG expands mandatory digital ID to businesses taking gov’t contracts

The government of Papua New Guinea is making its national digital ID a mandatory form of authentication for all business…

 

Imply reaches face biometrics milestone at tech-forward Arena da Baixada

Imply Tecnologia’s facial recognition model has enabled more than 1 million accesses at Arena da Baixada, the home of Club…

 

Following IPO, ROC is investing in homegrown security for US market

In February, Colorado-based biometrics and vision AI provider ROC closed the first big biometrics IPO of 2026, raising just over…

 

Jumio expanding biometric reusable digital identity across LatAm

Following a launch in Brazil last year, U.S.-based Jumio is expanding its face biometrics-based reusable digital identity product, selfie.DONE, across…

 

Denmark imposes age checks to restrict social media to kids under 15

Welcome two more Europeans nations to the global age assurance legislation party. The Danish government is moving ahead with an…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Continue Reading

Biometric Market Analysis and Buyer's Guides

Most Viewed This Week

Featured Company

Learn More

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events