Eliminate Usernames and Passwords
As we’ve moved to services from a collection of digital, cloud-based providers, we have become more reliant on usernames and passwords, along with various forms of second-factor authentication. The stakes in authentication are high, as the process serves as a gateway to valuable data used to access both workplace and personal services. Regardless of how secure the services may be, the weakest link – and target point for hackers – is often the username and password. After all, a chain is only as strong as its weakest link.
Authentication systems can employ various forms of second factors to battle this weakness in security, including One-Time Passwords (OTP) sent by clear-text SMS, answers to secret questions, Knowledge-Based Authentication (KBA) and push notifications using various authenticator apps. These methods, despite being an improvement on the basic authentication method, still rely on the original username and password paradigm, and they complicate the user experience in order to improve security. Additionally, these methods are vulnerable to hacking: the device itself becomes the second factor, so breaching or impersonating the device can open the doors for hackers.
We can continue to improve username and password security in a leap-frog race against hackers, who will continue to evolve means of compromising those improvements. However, the best approach to increasing the security of authentication may be to eliminate the need for usernames and passwords altogether.
Consider the comparison between gasoline-powered combustion vehicles and electric vehicles. A combustion engine can be improved to reduce its gasoline consumption per kilometre and increase its reliability, requiring fewer oil changes and reducing transmission issues. However, with the introduction of electric vehicles, all the related issues with the combustion engine may be eliminated (at least mostly anyway). Removing usernames and passwords altogether provides a similar result in strengthening security – there is no need to make them more secure as they simply no longer exist.
With our solution Eeze, authentication is as simple as scanning a QR code with the user’s mobile device, without ever typing in a username or a password. Behind the scenes, a secure authentication process occurs. Eeze can eliminate the need for a central database of identity data, which is often targeted by hackers. If a phone is stolen, the user can wipe their identity data on the app.
While eliminating usernames and passwords is a disruptive approach, it improves security, improves usability, and doesn’t require a complete overhaul to achieve widespread adoption. Eeze easily integrates into existing solutions where a user has been set up in an identity and access management (IAM) system. Users adopt a new authentication method while continuing to enjoy the benefits that the IAM system provides in managing and accessing applications and services.