PREDICTIVE INTELLIGENCE
cross-platform biometrics without the
need for special sensors.
Industry bodies, like the FIDO Alliance,
have also been instrumental by
promoting open standards that are
more secure than passwords, easier for
consumers to use and simpler for service
providers to deploy – all principles which
we’ve put into practice in our recent
identity innovations, such as ForgeRock
Go. In what was seen as a major moment
earlier this year, Apple joined the FIDO
Alliance – its technological advances
in biometrics matching its public
commitment to passwordless.

Moving towards a confirmation model of authentication
The first step towards passwordless
and usernameless authentication is to
examine whether and when you really
need to authenticate and at what level.
Ask: ‘How important is it for us to know
who that person is, and how confident
are we that we know who is involved in
the transaction?’
In most instances, looking at the signals
and context of a recognisable device
or browser doing things that the user
normally does, we can be somewhat
confident that the user is who they should
be. Clearly, where there are transactions
of consequence, we can verify that this
transaction is being performed with
adaptive and appropriate authorisation.
By adopting a mindset of confirmation
rather than authentication where it
makes sense, the user experience can
become more natural, more like the
real world.
If a company feels comfortable about
who the user is, it doesn’t have to get in
their way. If it does the job of knowing
who the user is really well, then it should
be able to reach a point where the user
isn’t even aware that this is happening.
Even for heavily regulated sectors, like
financial services, which are required
to maintain relevant authorisation,
this selective approach can still be
beneficial. For example, when it comes
to mobile apps, a bank could give
customers more options for strong
customer authentication to help drive
adoption and enable greater levels of
self service.

Nick Caley, Vice President, UK and Ireland, ForgeRock

Behavioural biometrics: A gamechanger for frictionless security and confirmation
While it is true that we have made great
strides in standards and technological
innovation over the last 10 years,
we are still in the early stages of the
biometrics revolution.
There are many more benefits to come
as we move towards the next phase
of adoption. Behavioural biometric
authentication – whereby behavioural
characteristics and contextual clues like
GPS and interactions with a device are
continually captured and evaluated to
build a profile to confirm who a user is
– could make the dream of continuous
authentication a reality. This would
allow businesses to embrace a more
dynamic form of risk profiling and move
to a model of confirmation – benefitting
both parties.
In addition to the savings in time
and money and fraud prevention,
organisations can also build more
comprehensive customer profiles. For
consumers, behavioural biometric
authentication promises greater
personalisation, increased choice and,
most importantly, better security without
introducing unnecessary friction.
However, behavioural biometrics
should not replace occasional
authorisation as described above –
the proper context should be assessed
for when it’s appropriate – but in
nearly all other instances it can help
34 Issue 29 | www.intelligentciso.com