FB pixel

Digital identity gets mediocre marks in annual progress report

Digital identity gets mediocre marks in annual progress report

Internet of Things devices are largely unsecure and challenging or impossible to harden, and a skills shortage remains, but progress is being made towards the possible elimination of passwords, according to the 2019 Digital Identity Progress Report from cybersecurity publication Infosec Pro.

The report notes that many of the internet’s top sites are now offering multi-factor authentication, but passwords are still required as the first step.

“(E)nd user education and familiarity with something other than a password during login, must surely be the first steps to getting ridding of them entirely,” the report says, giving “Passwordless” a B- grade. “2018 also saw the rise of WebAuthn – the W3C standards based (sic) approach for crypto based challenge response authentication. Could this hopefully accelerate adoption to a password-free world?”

API Protection is given a C+, as fine-grained controls, token revocation, and rotation are not yet mature, according to the report. Microservices protection gets a B-, with side car and inflight/proxy approaches to traffic introspection and security enforcement, as well as stateless OAuth2 identified as reasons for optimism.

IoT security gets a C-, as default credentials, hard-coded keys, un-upgradeable firmware, lack of support for HTTPS or access token storage are all very common. Infosec Pro gives User Consent Management a B-, citing GDPR, but also points out that consent is often a simple matter of box-ticking as a public relations measure, and wonders: “will the end user be ever truly in control of their data?”

The report concludes that each area could improve by a grade in the next 18 to 24 months, with improving knowledge, standards maturity, and technology. The skills shortage that applies generally to cybersecurity is also a challenge for digital identity, however, and with new threats emerging and a need to balance security against usability, improvement is far from guaranteed.

Industry experts recently showed a similar mix of concern and optimism in sharing their thoughts on the online identity landscape.

Article Topics

 |   |   |   |   | 

Latest Biometrics News


Could be 25 years before TSA gets facial recognition in all US airports

The Transportation Security Administration (TSA) foresees significant delays in implementing facial recognition across U.S. airports if revenue continues to be…


Single solution for regulating AI unlikely as laws require flexibility and context

There is no more timely topic than the state of AI regulation around the globe, which is exactly what a…


Indonesia’s President launches platform to drive digital ID and service integration

In a bid to accelerate digital transformation in Indonesia, President Joko Widodo launched the Indonesian government’s new technology platform, INA…


MFA and passwordless authentication effective against growing identity threats

A new identity security trends report from the Identity Defined Security Alliance (IDSA) highlights the challenges companies continue to face…


Zighra behavioral biometrics contracted for Canadian government cybersecurity testing

Zighra has won a contract with Shared Services Canada (SSC) to protect digital identities with threat detection and Zero Trust…


Klick Labs develops deepfake detection method focusing on vocal biomarkers

The rise in deepfake audio technology has significant threats in various domains, such as personal privacy, political manipulation, and national…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events