Original Article (registration required for download)

From the eventual phase-out of OTPs to the widespread adoption of passwordless, how we authenticate people online is changing.

In our latest e-book, we discuss our top predictions for the future of authentication and identity, particularly focusing on trends in the financial services industry.

Specifically, our latest guide will cover:

• OTPs and their decline

• The twin pillars of identity and authentication

• The relationship between privacy and innovation

• The convergence of SCA and passwordless authentication

• Device-based biometrics and their efficiency…

The Cyber Hut Comment: Biometric authentication provider keyless.io (acquired by Sift in 2022) released a report taking a look at some key authentication trends that the financial services sector will face in 2023.

The report covered 6 main themes. Starting off is the decline of OTP - something that has been happening for a few years, but in areas like south east Asia, the incidence of SIM swapping has essentially made this approach obsolete entirely as a secure MFA step.

Next up, was the linking between identity and authentication. They are very much different things - with concepts such as identity verification and proofing often only happening during on-boarding - with downstream authentication not always linking to the proven identity. Keyless are arguing that the two concepts are blurring - and I tend to agree. Proofing vendors are adding in authentication features and authentication providers are adding in basic proofing.

Another point the report makes is the need for PET - privacy enhancing technologies - and how that relates to biometrics. Whilst privacy is becoming more of a competitive differentiator (see here for a write-up on a recent poll The Cyber Hut regarding consumer views on privacy) it will be interesting to see if biometrics can become enough of a battlefield that means consumers will start making informed choices about how they authenticate with them - based on where that data is stored and processed. Continuing the biometrics thread, the report also discusses how native mobile biometrics (like FaceID for example) are too device centric - meaning a lost device means re-enrolment of the same biometric on a new device. A step that is often time consuming for the end user.

The report concludes by saying that ATO (account take over) fraud - especially for the emerging fintech sector - will continue to rise.