FB pixel

Digital identity gets mediocre marks in annual progress report

Digital identity gets mediocre marks in annual progress report
 

Internet of Things devices are largely unsecure and challenging or impossible to harden, and a skills shortage remains, but progress is being made towards the possible elimination of passwords, according to the 2019 Digital Identity Progress Report from cybersecurity publication Infosec Pro.

The report notes that many of the internet’s top sites are now offering multi-factor authentication, but passwords are still required as the first step.

“(E)nd user education and familiarity with something other than a password during login, must surely be the first steps to getting ridding of them entirely,” the report says, giving “Passwordless” a B- grade. “2018 also saw the rise of WebAuthn – the W3C standards based (sic) approach for crypto based challenge response authentication. Could this hopefully accelerate adoption to a password-free world?”

API Protection is given a C+, as fine-grained controls, token revocation, and rotation are not yet mature, according to the report. Microservices protection gets a B-, with side car and inflight/proxy approaches to traffic introspection and security enforcement, as well as stateless OAuth2 identified as reasons for optimism.

IoT security gets a C-, as default credentials, hard-coded keys, un-upgradeable firmware, lack of support for HTTPS or access token storage are all very common. Infosec Pro gives User Consent Management a B-, citing GDPR, but also points out that consent is often a simple matter of box-ticking as a public relations measure, and wonders: “will the end user be ever truly in control of their data?”

The report concludes that each area could improve by a grade in the next 18 to 24 months, with improving knowledge, standards maturity, and technology. The skills shortage that applies generally to cybersecurity is also a challenge for digital identity, however, and with new threats emerging and a need to balance security against usability, improvement is far from guaranteed.

Industry experts recently showed a similar mix of concern and optimism in sharing their thoughts on the online identity landscape.

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

Digidentity enables remote onboarding registration for GMC doctors in UK

Healthcare continues to open up as a potentially major market for biometrics and reusable digital identity, as evidenced by the…

 

Explaining W3C Verifiable Credentials and biometrics a key mission for Dock Labs

All legitimate credentials can be verified – but not all credentials are Verifiable Credentials. It sounds a bit like a…

 

Ethiopia reveals strategy behind digital ID progress as ID4Africa 2025 opens

Ethiopia’s Fayda digital ID program successes were in the spotlight on the first day of ID4Africa 2025 in the country’s…

 

ID4Africa 2025 begins with record numbers, urgency and Ethiopian PM’s address

ID4Africa’s 2025 AGM kicked off today in Addis Ababa, Ethiopia, attended by Prime Minister Dr. Abiy Ahmed Ali and several…

 

DHS invites comments on new biometric sensor performance studies

The U.S. Department of Homeland Security (DHS) is inviting public comments on a proposed information collection initiative that is aimed…

 

Biometrics, age-appropriate design on the mind of UK Information Commissioner

UK Information Commissioner John Edwards is on a bit of a speaking tour, having recently addressed Privacy New Zealand –…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Biometric Market Analysis

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events