Remembering many complex passwords is impossible so their inevitable re-use means they are no longer a safe way to protect our online worlds. Moreover, following the data breach endured by LastPass in August, are password managers about to have their fall from grace too?
SMS text and One Time Passcodes are cumbersome, unreliable and expensive. If you’re in a no reception zone they don’t even work.
Is single-step, passwordless multi-factor authentication the way to go in 2023? Some of the most influential cyber security leaders have their say.
Seasoned industry guru, and pioneer, Correy Voo opens, “2023 will see a consolidation in authentication solutions with growing emphasis on password-less methods, more intuitive MFA, and more solutions allowing individuals to assume responsibility for their own identity data and owning the rights to use that data. Archaic and esoteric forms of authentication such as SMS OTP will finally become obsolete.”
Leading London cybersecurity PR agency, Eskenzi, shares their insights. Beth Mead, Senior Account Director at this dynamic and influential media shop comments, “We’re already seeing more industry-wide mandates for stronger authentication, particularly in light of PSD2’s SCA requirements that came into force last year. Similar to many other regulated areas, like seatbelts in cars or speed limits, people generally aren’t receptive to changing their behaviours until they become regulated – even if it is for their own good or the wider good. For this reason, it’s likely that multi-factor authentication and other security measures will become mandatory for more and more online services. Having worked in cybersecurity for over 25 years, Eskenzi has witnessed literally thousands of data breach headline stories. Changing password behaviours is a slow process, but with more regulation and cybersecurity providers like MIRACL who are making it simpler to log in securely and reduce pain for users, there is light at the end of the tunnel.”
Rob Griffin, CEO at MIRACL sees 2023 as the year in which authentication will be high on the agenda for digital operators. “For the last 30 years, the password has basically been the only option for B2C operators so admin systems have provided little insight as to how well those passwords are fulfilling their role; i.e. are they successfully taking users to their account? But if the door to your store is jammed, you need to know! Now that there are other authentication options, organisations will start to review their login success rates more than ever before as it represents a big opportunity to grow sales and enhance user satisfaction.
Another trend for 2023: “Regulators around the world are losing patience with the inevitable breaches and account takeovers that passwords cause. Going forward regulators will increasingly demand operators protect their customers properly. The advent of new legislation demanding MFA in online consumer settings will require operators to consider how to avoid friction in the login process that could otherwise jeopardise their business. Only single-step MFA is capable of meeting the simultaneous requirement for user experience and security. This trend is already happening in Gaming but many sectors will follow suit. Operators across many sectors, such as travel, hospitality, loyalty and retail, will be looking for effective multi-factor authentication that does not add friction to the login process, but enhances its usability. This represents a win-win opportunity for a better customer experience and increased profit potential.”
Professor William (Bill) J Buchanan, OBE, Professor of Applied Cryptography at Edinburgh Napier University adds. “I hope 2023 will be the year where we take digital trust seriously. Unfortunately, the Internet we have built is often deeply flawed in its trustworthiness, and this untrustworthiness leads to the many cybersecurity threats that we see.”
“2023 should see a focus on the citizen, and their privacy, their identity and digital rights. Let it be a time when we can properly start to share data and use it for good, rather than it being a focus for companies to harvest it. And, let’s educate our next generation about the opportunities that cryptography brings to our world, and show them the tools that can truly model our existing world in a more trustworthy, resilient, and secure way. The Internet is one of the greatest achievements of humankind ever created, so now let’s build it properly!”
Finally, Crypto specialist, Dr Michael Scott believes 2023 will see the demise of Bitcoin, and despite a move towards a passwordless online environment from a number of tech giants they will still play a key role in authentication. He says, “Passwords will continue to be the main means for authentication, however FIDO will continue to fail to gain serious traction. Bitcoin will collapse as miners give up on mining as being unprofitable, and some-one launches a successful 50% + 1 attack. A quantum computer that threatens cryptography will seem further away than ever.”
MIRACL is the world’s fastest single-step and passwordless multi-factor authentication login favoured by gaming organisations, retailers such as Rite Aid and big tech such as Experian. Users authenticate with a 4-digit PIN. Software-based and API-enabled to work from any device or browser, means a quick and seamless integration with any device or platform being used. The software doesn’t store personal data, passwords or PINs, so it’s fully resistant to remote attacks - with zero security vulnerabilities. The old notion that your account login must trade off between security and usability is no longer true, MIRACL offers both at the same time.
For further information visit www.miracl.com
For further press information or interviews please contact the MIRACL press office:
Highly secure, password-free login in just two seconds. The fastest way to improve the user experience, decrease costs and win lost revenue. MIRACL Trust is a PSD2 compliant multi-factor solution for both authentication and transaction signing that runs natively on any device without downloads. It’s GDPR friendly since no user data is stored or needed to integrate with any other identity or service platform. MIRACL’s global portfolio of clients include Credit Agricole, Cashfac, MyLottoHub, Experian and Domino’s Pizza. MIRACL’s technology is licensed to the US Government, Intel, Google and Microsoft. In a recent customer report out of 50,407 logins, only 2 people needed to reset their PIN - a success rate of 99.99998%.