Passwords have been an effective user authentication method for years. They’re familiar, convenient and, too often, easy to crack. To our disadvantage, we’ve become so reliant on passwords that we’re reluctant to explore new means of protection, even at a time when a breach occurs almost daily.
In a perfect world, passwords and PINs would be acceptable forms of authentication. However, one of the problems lies in our reliance on weak passwords and PINs that can easily be hacked. When asked to create a four-digit PIN, about 20 percent of people choose their birth year. That’s simple enough to remember; however, birth dates can easily be found online.
The other critical issue is that passwords, and the data that lies in the accounts guarded by these passwords, are stored on one central server. This creates an attractive target for hackers looking to access sensitive information in bulk, as it removes the work of having to gather data from multiple sources.
In an effort to remove passwords from the equation, some organizations, like Facebook and Google, have taken a step forward by adopting standards created by the FIDO Alliance, which follow a decentralized, privacy-by-design structure.
Instead of users’ passwords and PINs being stored centrally by a company, FIDO standards enable decentralization, where users keep login information on their own devices. Using a private key created on their device, individuals have the power to choose who has access to their information and how they want to authenticate themselves, whether by a facial scan or a fingerprint reader on their phone (e.g. Face ID and Touch ID).
But in a sensor-based world revolving around smartphones and other IoT devices, decentralized authentication will need to move beyond fixed biometrics such as facial recognition. It will need to be continuous in order to protect user identities, keep fraudsters out, and deliver seamless user experiences from the moment users log in to their accounts to the second they log out.
Zighra brings the first on-device behavioral biometrics solution extending the FIDO vision. This is made possible through a highly efficient AI engine running entirely on-device. With continuous authentication, users are silently verified by their natural interaction patterns for a frictionless experience.
Security technology that combines machine learning, biometrics and user behavior is poised to reduce passwords to less than 10 percent of all digital authentications through 2022, according to Gartner. Zighra deploys AI and machine learning algorithms on-device that can be trained to quickly and continuously adapt to user behavior – building personalized models based on how users interact with their devices, from the way they type and swipe to the hand they prefer to hold their device in. Coupled with geolocation, device type and other intelligence layers, these algorithms continuously build upon these models and analyze them for even the slightest deviation from “normal” behavior.
On-device AI and behavioral biometrics eliminate the need for passwords and promote continuous protection and decentralization, ultimately deterring hackers and empowering users to take control of their private information. Behavioral signatures are a fierce opponent for fraudsters – as long as they are not stored on a central server, it is virtually impossible to duplicate users’ behavior. With the demand for privacy and security growing, a truly password-less world awaits.