A Passwordless Future: Keyless 2023 Payment Authentication Predictions
Original Article (registration required for download)
From the eventual phase-out of OTPs to the widespread adoption of passwordless, how we authenticate people online is changing.
In our latest e-book, we discuss our top predictions for the future of authentication and identity, particularly focusing on trends in the financial services industry.
Specifically, our latest guide will cover:
OTPs and their decline
The twin pillars of identity and authentication
The relationship between privacy and innovation
The convergence of SCA and passwordless authentication
Device-based biometrics and their efficiency…
The Cyber Hut Comment: Biometric authentication provider keyless.io (acquired by Sift in 2022) released a report taking a look at some key authentication trends that the financial services sector will face in 2023.
The report covered 6 main themes. First is the decline of OTP - something that has been happening for a few years, but in areas like Southeast Asia, the incidence of SIM swapping has essentially made this approach entirely obsolete as a secure MFA step.
Next up was the link between identity and authentication. They are very much different things - with concepts such as identity verification and proofing often only happening during on-boarding, and downstream authentication not always linking to the proven identity. Keyless are arguing that the two concepts are blurring - and I tend to agree. Proofing vendors are adding in authentication features and authentication providers are adding in basic proofing.
Another point the report makes is the need for PET - privacy enhancing technologies - and how that relates to biometrics. Whilst privacy is becoming more of a competitive differentiator (see here for a write-up on a recent poll by The Cyber Hut regarding consumer views on privacy), it will be interesting to see if biometrics can become enough of a battlefield that consumers start making informed choices about how they authenticate with them - based on where that data is stored and processed. Continuing the biometrics thread, the report also discusses how native mobile biometrics (like FaceID for example) are too device-centric - meaning a lost device means re-enrolment of the same biometric on a new device, a step that is often time-consuming for the end user.
The report concludes by saying that ATO (account takeover) fraud - especially for the emerging fintech sector - will continue to rise.