Daniel Bachenheimer is technical director at Accenture Unique Identity Services
We have not quite killed usernames and passwords but we have gotten closer.
With more mobile devices and mobile apps that support biometric authentication and more stakeholders willing to allow for remote biometric authentication, we can expect to see even broader adoption. Some challenges that remain are:
authenticator and device accreditation: how can we ensure the security and performance of these edge devices presentation attack: how do we reliably detect and alter authentication schemes when biometric spoofs (or similar) may have been used data privacy and protection: how are we keeping the user in control of their data; ensuring that it is be used as intended and authorized; and how are we keeping it secured until deleted based on the retention policies.
Blockchain technology, specifically consortium-based distributed ledger, could provide a means for users to control their accredited personal data making it available to public or private entities globally with each interaction immutably recorded and available on multiple nodes – with no central data owner / controller.
Unlike Blockchain, where trust is derived through consensus, the trust-anchor, or anchors, envisioned here will accredit identity claims through methods similar to Know Your Customer (KYC) in the Financial Services sector or Traveller Identification Program (TRIP) in the travel sector where consortium Identity Service Providers will uniquely identify individuals (preferably through biometric identifiers) and digitally sign/protect vetted identity claims that can be shared at the discretion of the individual.