ISSN 2348-1196 (print) International Journal of Computer Science and Information Technology Research ISSN 2348-120X (online) Vol. 8, Issue 3, pp: (230-234), Month: July - September 2020, Available at: www.researchpublish.com
The Future of Authentication: deeper look on how Authentication may look like in the future 1
Taher A. Alwusaibie
1
Saudi Aramco, Dhahran, Saudi Arabia
Abstract: Authentication has always been a predominant and inherited distraction in the area of cybersecurity. Governments, organizations, and corporations have often relied on primitive authentication methods to reduce the cost of ownership, thus continuing the lack of secure authentication technology, with the absence of seamless authentication schemes. Authentication has evolved, from password-based authentication in the 1980s, to the use of multifactor and transparent authentication based on biometrics and behavior-based access. This article looks at the different authentication options available, and the appropriate methods for each type of infrastructure and service. The article envisions the future of authentication given the increased technological complexity, and the demand for seamless authentication. To overcome the shortcomings of legacy authentication methods, such as passwords, industry has established an alliance called Fast Identity Online (FIDO) that aims to establish a secure passwordless authentication. FIDO is meant to address the lack of interoperability of strong authentication. Major companies are part of this alliance to standardize authentication based on cryptography keys. FIDO provides multiple standards to support different levels of security requirements, which may require hardware-based tokens. Authentication can furthermore be taken to a different level and include additional factors that play a critical role in verifying someone’s identity. The more authentication factors, the better assurance we have in knowing that someone is who they claim to be. In addition, if these factors are seamless, the authentication method will be more acceptable to Internet users. Keywords: Authentication, Passwordless Authentication, Biometrics, FIDO.
1. INTRODUCTION Authentication is a method to establish the source of a request to access a resource. The purpose of authentication is to establish a trusted and verified digital identity that is a unique representation of a subject capable of engaging in online transactions. Because authentication is often accomplished over an open-network connection, authentication introduces a vast number of threats, such as impersonation of an identity and exposure of secrets involved in the authentication activity (NIST, 2017). The simplest form of authentication is using something you know, such as a password, where the technology to implement such solutions is widely available and very cost-effective. To strengthen this type of authentication factor, many technical controls are enforced, e.g., password length, history, complexity, and lockout window, to protect these secrets from known password attacks, such as brute-force and dictionary-based password cracking techniques. Despite IR4.0 and advancements in AI and modern technology, passwords conitnue to be the main method of authentication. Passwords naturally have a weakness in the way they are utilized. Taking a quick glance, passwords introduce several issues:
Page | 230 Research Publish Journals