Compromised online identities have reached a level that has exposed the weaknesses in usernames and passwords as well as traditional software security solutions. Government services around the world have a growing demand for strong two-factor authentication, but traditional hardware technologies have been too costly and complicated to scale for most countries and internet users.
The UK Government has enlisted the services of Yubico and Digidentity, in a partnership that enables FIDO Universal 2nd Factor (U2F) authentication. GOV.UK Verify is a new simple way for UK citizens to access an increasing range of UK government services online. This is the first government service in the world to make support for simple and strong FIDO U2F authenticators. The service works using a roster of identity providers, who check and confirm a user’s identity before they can access a government service. Digidentity is one of the UK government’s certified identity service providers.
We had a quick chat with John Fontana, Identity Evangelist at Yubico, to hear what he thinks the latest trends in authentication are and why they’re becoming significant today.
- What do you make of the research by Sailpoint that found 56% of employees would sill their work password for less than £700?
“The addition of MFA creates the ‘something you know with something you have’ scenario. Whereas, even if your login credentials were to be stolen (or sold), the thief or recipient still would not be able to get access to your accounts without that second factor.”
- There are several different forms of authentication we can choose from, so what do you see as the respective strengths and weaknesses of the various methods on offer (i.e. authenticators, keys, biometrics, etc)?
“Choice of authenticator can greatly depend on what will be adopted by the organization. For instance, there are many instances where departments within organizations may not allow mobile devices, in that scenario, a hardware authenticator could be used. If an organization allows for multiple forms of authentication, that can be decided by an individual users preference.”
- MFA is widely acknowledged to enhance security, however there are several reasons organisations are putting it off. How are the common barriers going to be overcome in the future?
“Education is extremely important to illustrate the importance of MFA, the positive is that it’s happening. Individuals are seeing reports on almost a daily basis of personal and business data being breached. It is also important to change the perception of MFA as not being a difficult step in security but a necessity. You have a key to your car, you have a key to your home, with MFA, you have a key to protect your online identity and accounts.”
4. How long will this take and when do you see MFA becoming the standard expected by consumers?
“It’s difficult to predict a timeframe, but we can say that we are in an upward trend of MFA becoming part of the daily consumer experience as more banks, services, and other consumer focused websites are implementing MFA to not only keep their customer’s safe, but their data as well.”