FB pixel

Digital identity gets mediocre marks in annual progress report

Digital identity gets mediocre marks in annual progress report
 

Internet of Things devices are largely unsecure and challenging or impossible to harden, and a skills shortage remains, but progress is being made towards the possible elimination of passwords, according to the 2019 Digital Identity Progress Report from cybersecurity publication Infosec Pro.

The report notes that many of the internet’s top sites are now offering multi-factor authentication, but passwords are still required as the first step.

“(E)nd user education and familiarity with something other than a password during login, must surely be the first steps to getting ridding of them entirely,” the report says, giving “Passwordless” a B- grade. “2018 also saw the rise of WebAuthn – the W3C standards based (sic) approach for crypto based challenge response authentication. Could this hopefully accelerate adoption to a password-free world?”

API Protection is given a C+, as fine-grained controls, token revocation, and rotation are not yet mature, according to the report. Microservices protection gets a B-, with side car and inflight/proxy approaches to traffic introspection and security enforcement, as well as stateless OAuth2 identified as reasons for optimism.

IoT security gets a C-, as default credentials, hard-coded keys, un-upgradeable firmware, lack of support for HTTPS or access token storage are all very common. Infosec Pro gives User Consent Management a B-, citing GDPR, but also points out that consent is often a simple matter of box-ticking as a public relations measure, and wonders: “will the end user be ever truly in control of their data?”

The report concludes that each area could improve by a grade in the next 18 to 24 months, with improving knowledge, standards maturity, and technology. The skills shortage that applies generally to cybersecurity is also a challenge for digital identity, however, and with new threats emerging and a need to balance security against usability, improvement is far from guaranteed.

Industry experts recently showed a similar mix of concern and optimism in sharing their thoughts on the online identity landscape.

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

Biometrics race for the borders

Biometrics to ease border crossings are a major theme of the week among Biometric Update’s most-read articles of the week….

 

US election likely to be a missed opportunity to advance digital ID policy

The 2024 U.S. election represents an opportunity for social dialogue around digital identity policy in the wake of a series…

 

India to pilot Digi Yatra for foreign nationals in 2025

India is planning an international pilot project for June 2025 that will see the introduction of facial recognition technology beyond…

 

Papua New Guinea advances digital ID, wallet and govt platform to pilot

Papua New Guinea has stood up a new digital ID, wallet and online government platform, and plans to pilot them…

 

UK police organized crime unit seeks new facial recognition software

The UK’s main law enforcement agency against organized crime is looking into new facial recognition solutions, as the country doubles…

 

The EUDI Wallet was not meant for age assurance: AVPA

The European Union should not look at the EU Digital Identity (EUDI) Wallet as an age-assurance solution to keep minors…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events