Overview
Password-based, two-factor and multifactor authentication have not protected systems and data as well as was expected, for various reasons. Password-based authentication is too fragile, and two-factor and multifactor authentication have been rejected by users because of poor user experience. Big data-based authentication promises to offer both robust authentication and a good user experience. Unlike other authentication systems, it authenticates a user based on multidimensional and regularly updatable information collected about the user. Multiple such products are already available in the market, and they are popular too. However, other systems have not been consigned to oblivion yet, for various reasons.
What is the current trend in user authentication?
In the user authentication domain, traditional systems such as password-based systems are still in use while novel methods such as big data-based authentication are emerging. Traditional systems, for all their problems, persist because stronger authentication systems are less widely accepted and newer models bring integration issues. Some of the main trends in this domain are described below.
- Many companies offer a combination of password-based and multifactor authentication, but the latter is optional because many users find it inconvenient.
- Two-factor and multifactor authentication, though better than password-based systems, have had limited reach because of poor user experience.
- Many companies are using passive biometrics in which data about the user such as fingerprints, voice and face recognition are collected and used to authenticate the user.
- Big data authentication is becoming popular because, like biometric authentication, it collects data about users and builds a profile of each user without the user knowing about it. The profile is regularly updated and used to authenticate the user.
How does the user authentication process work?
For all the innovations in this industry, the core principle of an authentication system remains the same: match user inputs with the data available in the system. The different authentication systems are described below:
- In the password-based system, the password provided by the user is usually matched with the one stored earlier in the database in an encrypted format.
- In the multifactor system, the system matches multiple passwords — some of which are stored in the database and the remaining dynamically generated — with the inputs provided during the access request.
- In the biometric system, the system collects data such as voice, fingerprints or the iris and uses that data to authenticate the user.
- In the big data-based system, the system creates a profile of the user based on the data it regularly collects. It authenticates access requests by matching access inputs with the data in the profile.
What are the challenges in the current process?
The main challenges in the current process are described below:
- Organizations have been facing a lot of financial and technical challenges in moving from purely password-based systems to more secure authentication systems. For example, in a huge enterprise with a lot of legacy systems, migrating from one process to another could be a nightmare.
- Multifactor systems tend to mar the user experience, and users tend to avoid layered authentication if given the option. It is a challenge both to get users to follow the process and to keep the authentication system robust.
How does big data authentication work?
As described earlier, big data-based authentication systems create profiles of all valid users of a system based on data collected about each user. The user does not even know that the system has been collecting data. Whenever a request to access the system is sent, the authentication system matches the information collected at the time of the request with the information in the profile. Any mismatch or deviation from the profile could set off a warning about unauthorized attempts.
Given the evolving nature of attacks, a big data authentication system has complex work to do. According to Don Gay, the chief security strategist of a User Behavior Analytics Company, “With bad actors increasing the sophistication of their attacks, enterprises are having a difficult time pinpointing the threats and vulnerabilities that pose the largest risk”. The user data it collects is varied, unstructured and complex, and includes the following:
- Information-entering behavior: does the user type on a keyboard or use the keyboard provided on the website?
- How many security permissions does the user have?
- How many attempts does the user normally take to enter the correct password?
- How many times on average does the user access the system in a day?
- How many times in the past has the user reset the password?
The system simultaneously collects data about the user and monitors his activities too. The system has to adapt to the unique behavior of each user. As Ivan Tendler, the co-founder and CEO of Fortscale, a reputed User Behavior Analytics Company, says, “We look at this from the user’s perspective. He has a name, a personality, and habits. This user is sloppy or this user is risky or this user tends to have too much permission and so on. You have to look at the user history and profile his behavior. And only in those methods can you spot odd behavior and can pinpoint malicious users or compromised users whose credentials were stolen.”
The authentication system collects large volumes of both structured and unstructured data from a variety of sources, analyzes it, detects patterns of behavior and anomalies, and detects attacks from a variety of sources such as network devices, security appliances, hosts, endpoints, applications, and databases.
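The profile-matching step described above can be sketched as follows. This is an added example, not code from the article or from any vendor's product; the field names, the z-score threshold and the rule that flagged requests are never learned from are assumptions chosen for illustration.

```python
from statistics import mean, pstdev

# Numeric signals from the list above; the field names are hypothetical.
NUMERIC = ("password_attempts", "logins_per_day", "password_resets")


def build_profile(history):
    """Summarize past observations of one user into a baseline profile."""
    profile = {}
    for name in NUMERIC:
        values = [h[name] for h in history]
        # Floor the spread so a perfectly regular user cannot cause division by zero.
        profile[name] = (mean(values), max(pstdev(values), 0.5))
    methods = [h["input_method"] for h in history]
    profile["input_method"] = {m: methods.count(m) / len(methods) for m in set(methods)}
    return profile


def score_request(profile, request, z_limit=3.0, rare=0.05):
    """Return (risk, reasons); risk is the fraction of signals that deviate."""
    reasons = []
    for name in NUMERIC:
        mu, sigma = profile[name]
        z = abs(request[name] - mu) / sigma
        if z > z_limit:
            reasons.append(f"{name}: {request[name]} vs usual {mu:.2f} (z={z:.1f})")
    if profile["input_method"].get(request["input_method"], 0.0) < rare:
        reasons.append(f"input_method: {request['input_method']!r} is unusual for this user")
    return len(reasons) / (len(NUMERIC) + 1), reasons


def observe(history, request):
    """Score a request, then learn from it only if nothing deviated."""
    risk, reasons = score_request(build_profile(history), request)
    if not reasons:
        history.append(request)  # flagged requests never shift the baseline
    return risk, reasons


def sample(attempts, logins, resets, method):
    return {"password_attempts": attempts, "logins_per_day": logins,
            "password_resets": resets, "input_method": method}


# Constructed sample data for one user (not real measurements).
HISTORY = [sample(a, n, 0, "keyboard") for a, n in
           [(1, 4), (1, 5), (2, 4), (1, 6), (1, 5), (1, 4), (2, 5), (1, 5)]]

if __name__ == "__main__":
    print(observe(HISTORY, sample(1, 5, 0, "keyboard")))    # matches the profile
    print(observe(HISTORY, sample(6, 40, 3, "on_screen")))  # deviates on every signal
```

Updating the profile only from requests that raised no flag keeps the "regularly updated" baseline from drifting toward an intruder's behavior.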
Organizations have been reaping the benefits of this approach already. For example, the Department of Labor and Workforce Development (NJDLWD) uses a big data authentication solution to identify fraudulent unemployment benefit claims. The data authentication system works in two steps: first, it establishes whether the identity presenting a claim is real, and second, whether the identification is owned by whoever is making the claim.
What is the future trend?
The following trends may unfold:
- Password-based systems will be used in conjunction with other newer authentication systems.
- More investment will be made into making the user experience of two-factor and multifactor systems better.
- Many organizations will watch with both interest and caution the developments in the big data authentication front. This applies especially in industries that deal with a lot of confidential data such as banking and finance, defense and healthcare.
- Organizations will invest a lot into making the biometric systems more acceptable and robust by addressing the limitations of voice-based authentication systems. It seems iris-based authentication is going to find many takers.
Conclusion
Big data authentication is still evolving, and it will be a while before more is known about the system and its acceptability in the industry. Theoretically, it sounds promising though. For all its fragility, the password-based system will not be junked but used in conjunction with other authentication systems such as the two-factor and multifactor systems. Another factor that needs to be considered is whether organizations are able, and can afford, to migrate from basic authentication systems to more robust and stable systems. According to Gartner, many organizations have been finding it tough to incorporate advanced authentication systems into their systems.