FB pixel

Digital identity gets mediocre marks in annual progress report

| Chris Burt
Categories Biometrics News  |  Mobile Biometrics  |  Trade Notes
Digital identity gets mediocre marks in annual progress report
 

Internet of Things devices are largely unsecure and challenging or impossible to harden, and a skills shortage remains, but progress is being made towards the possible elimination of passwords, according to the 2019 Digital Identity Progress Report from cybersecurity publication Infosec Pro.

The report notes that many of the internet’s top sites are now offering multi-factor authentication, but passwords are still required as the first step.

“(E)nd user education and familiarity with something other than a password during login, must surely be the first steps to getting ridding of them entirely,” the report says, giving “Passwordless” a B- grade. “2018 also saw the rise of WebAuthn – the W3C standards based (sic) approach for crypto based challenge response authentication. Could this hopefully accelerate adoption to a password-free world?”

API Protection is given a C+, as fine-grained controls, token revocation, and rotation are not yet mature, according to the report. Microservices protection gets a B-, with side car and inflight/proxy approaches to traffic introspection and security enforcement, as well as stateless OAuth2 identified as reasons for optimism.

IoT security gets a C-, as default credentials, hard-coded keys, un-upgradeable firmware, lack of support for HTTPS or access token storage are all very common. Infosec Pro gives User Consent Management a B-, citing GDPR, but also points out that consent is often a simple matter of box-ticking as a public relations measure, and wonders: “will the end user be ever truly in control of their data?”

The report concludes that each area could improve by a grade in the next 18 to 24 months, with improving knowledge, standards maturity, and technology. The skills shortage that applies generally to cybersecurity is also a challenge for digital identity, however, and with new threats emerging and a need to balance security against usability, improvement is far from guaranteed.

Industry experts recently showed a similar mix of concern and optimism in sharing their thoughts on the online identity landscape.

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

Canada regulator backs privacy-preserving age assurance

The Office of the Privacy Commissioner of Canada (OPC) has published a policy note and guidance documents pertaining to age…

 

FCC seeks comment on KYC revision for commercial phone calls

The U.S. Federal Communications Commission (FCC) has proposed stronger KYC requirements for voice service providers to prevent scams and illegal…

 

Deepfake detection upgrade for Sumsub highlights continuous self-improvement

Sumsub has launched an upgrade to its deepfake detection product with instant online self-learning updates to address rapidly evolving fraud…

 

Metalenz debuts under-display camera for payment-grade face authentication

Unlocking a smartphone with your face used to require a camera placed in a notch or a punch hole in…

 

UK regulators pan patchwork policy for law enforcement facial recognition

The UK’s two Biometrics Commissioners shared cautionary observations about the use of facial recognition in law enforcement over the weekend…

 

IDV spending to hit $29B by 2030 as DPI projects scale: Juniper Research

Spending on digital identity verification (IDV) technology is projected to reach a 55 percent growth rate between now and 2030,…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Continue Reading

Biometric Market Analysis and Buyer's Guides

Most Viewed This Week

Featured Company

Learn More

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events