The Rise of Smart Authentication

David Vergara, April 3, 2017

It’s the 21st century marketing mantra: Never underestimate the power of ‘smart.’ After all, we have ‘smart’ phones, ‘smart’ TVs, a ‘smart’ doorbell and yes, even a ‘smart’ dishwasher. Retail niches aside though, when it comes to the stuff that really matters (like keeping your private information private), what about ‘smart’ authentication?
As detailed in this Network World article, multifactor authentication strategies, while rising in popularity, continue to be dogged by the tradeoff between usability and security. In other words, if authentication solutions are not simple and convenient, users will not accept them. Conversely, if they are not secure, hackers will exploit them and compromise users.

This is largely why so-called ‘smart’ authentication strategies have emerged: they contextualize user behavior by comparing patterns of behavior interpolated by sophisticated algorithms, producing experiences that are both more secure and easier to use. This includes continuously monitoring and scoring, in real time, the way users interact with their computers and mobile devices via mouse movements, keystrokes, and gesture dynamics.

Additionally, since the authentication occurs transparently, neither users nor hackers are aware they are being ‘forensically monitored’ (my term for this), and have no “out” to game the system.

Leveraging this contextual data to authenticate a user involves analyzing patterns to evaluate if they match behaviors historically reflected by the user or account holder or, significantly, if they directly correlate with known hacker activity.

For example, if the user’s device accessing an app is geographically located in an area known for hacker activity, rather than the home or office location of the user or account holder, access can be blocked or step-up authentication invoked. Further, if a request to access an account does not originate from a phone associated with the user’s phone number already on file, access can likewise be restricted.

That’s not to say that multi-factor authentication will eventually result in diminishing returns. On the contrary. If the system detects an anomaly in the user’s behavior pattern, additional authenticators (i.e. the use of a one-time password [OTP] delivered by SMS) could be required before access is granted. As a result, users authenticate themselves only when their expected patterns of behavior change, thereby improving the user experience and amplifying the value of a security strategy that’s both convenient and easy-to-use.
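The decision flow described above, sketched as an added example (not code from the article or from any vendor product): typing-rhythm deviation from a user's baseline is combined with the location and phone checks to choose allow, step-up or block. The signal names, weights, thresholds and the placeholder region code `ZZ` are assumptions, and the sample data is constructed.

```python
from statistics import mean, stdev

# All names, weights and thresholds below are assumptions for illustration.
HIGH_RISK_REGIONS = {"ZZ"}       # constructed placeholder region code
STEP_UP_AT, BLOCK_AT = 40, 80    # risk score needed for step-up / block

def typing_deviation(baseline_ms, session_ms):
    """Z-score of the session's mean inter-key interval against the user's
    historical baseline, or None when there is too little data to judge."""
    if len(baseline_ms) < 5 or len(session_ms) < 3:
        return None
    sigma = stdev(baseline_ms)
    if sigma == 0:
        return None
    return abs(mean(session_ms) - mean(baseline_ms)) / sigma

def assess(profile, request):
    """Return (decision, score, reasons) for one access request."""
    score, reasons = 0, []
    z = typing_deviation(profile["key_intervals_ms"], request["key_intervals_ms"])
    if z is None:                # cannot verify behavior: never silently allow
        score += 40
        reasons.append("no usable behavioral sample")
    elif z >= 2:
        score += 50 if z >= 3 else 25
        reasons.append(f"typing rhythm deviates from baseline (z={z:.1f})")
    if request["region"] in HIGH_RISK_REGIONS - profile["usual_regions"]:
        score += 40
        reasons.append("request from high-risk region")
    if request["phone"] != profile["phone_on_file"]:
        score += 40
        reasons.append("phone does not match number on file")
    if score >= BLOCK_AT:
        return "block", score, reasons
    if score >= STEP_UP_AT:
        return "step_up", score, reasons   # e.g. require an OTP
    return "allow", score, reasons

# Constructed sample data (inter-key intervals in milliseconds).
PROFILE = {"key_intervals_ms": [180, 195, 170, 205, 190, 185, 200, 175],
           "usual_regions": {"GB"}, "phone_on_file": "+44 7700 900123"}
USUAL = {"key_intervals_ms": [182, 191, 188, 179], "region": "GB",
         "phone": "+44 7700 900123"}
ODD_TYPING = {**USUAL, "key_intervals_ms": [95, 90, 100, 88]}
ODD_CONTEXT = {**USUAL, "region": "ZZ", "phone": "+44 7700 900456"}

if __name__ == "__main__":
    for name, req in [("usual", USUAL), ("odd typing", ODD_TYPING),
                      ("odd context", ODD_CONTEXT)]:
        print(name, assess(PROFILE, req))
```

A session with too few keystrokes to score is pushed to step-up rather than allowed, so a missing behavioral signal cannot be used to skip the check.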

The takeaway? A user’s behavior may change, but the user remains the same person.

So, have contextual authentication and behavioral biometrics entered the early adopter stage, are they on the verge of becoming mainstream, or are they hovering somewhere in between?

While it is certainly gaining more traction in select industry niches, according to industry analysts, the global behavioral biometrics market is forecast to grow at a CAGR of 17.34% during the period 2016-2020.

Practically speaking though, how is ‘smart’ authentication being received in the real world? Glad you asked.

A recently published online survey by Equifax found that 56% of UK consumers favor the use of biometric security over more traditional options such as passwords to log into their financial accounts online. In fact, 33% of individuals surveyed preferred to use fingerprint recognition to access their accounts, with iris scanners, facial recognition and voice recognition following suit. Not surprisingly, only 19% of people favored using passwords and even fewer selected memorable questions, both options that are, of course, supplanted by the convenience and security available through biometric authentication.

For mobile banking users, this is an especially significant development, as passwords are fast becoming prologue to an entirely new generation of authentication solutions. This is especially true as mobile technology evolves and banks and other financial institutions look to reconcile consumer demand for biometric security solutions with their availability. In this new “age of the customer”, it may very well be that a multi-layer approach, inclusive of behavioral biometrics and device recognition, presents the most secure foundation on which to build positive customer experiences.

In sum, smarter devices are all well and good and they’re certainly not going away any time soon. However, when they’re supplemented by smart authentication solutions, they also achieve the twin goals of usability and security that maintain productive, secure, and long-term customer relationships.


David Vergara is Director of Security Product Marketing at OneSpan and has over 10 years of experience in the software security space. Prior to OneSpan, he was VP Marketing for Accertify leading go-to-market strategy for their online fraud detection solution.