ITU Kicks out Password, Username, OTP Authentication Introduces a Better standard
|The ITU, International Telecom-munications Union, has condemned the use of passwords in creating a digital financial service, thus, describing it as a faulty foundation
It highly recommends that digital financial services be built on authentications which are way less risky and greatly sophisticated than the manipulable password for authentication.
During it’s standardisation project on “Identity management, architecture and mechanisms” which was recently released, ITU stated that over three billion usernames and passwords were hacked in the year 2016, and that the number of data breakage in 2017 rose to 44.7% higher than that of 2016.
Andrew Hughes, a digital ID strategist and standards expert of InTurn Consulting, said that: “We are moving away from the ‘shared secret’ model of authentication.”
He was referring to the username
/password model of authentication, saying that there are no more secrets, considering the widespread of data breaches .
To overcome the limitations of passwords authentication , designed specifications developed by FIDO meaning; Fast Identity Online) enable users to authenticate to thier devices locally with the use of biometrics, then authenticating the user online using public key cryptography.
This model is presumed not to be vulnerable to phishing, man-in-the-middle attacks or any other forms of attacks targeting user credentials.
Jeremy Grant, the Managing Director of Technology Business Strategy at Venable, said “This is the biggest transformation we have seen in authentication in 20 years. ”
“Google, Microsoft and Apple are among the companies now baking FIDO specs into their products. ”
“These specs are shipping out in most devices and browsers in use today,”
“These specs are shipping out in most devices and browsers in use today,” he said.
FIGI’s project on taking the authentication to the next level has been successful by ushering FIDO specifications into the ITU’s standardisation process.