TECH BUYER Jan 2020 - IDC Perspective - Doc # US45922320
Modern Authentication 2020: Passwordless Enables a Future of Trust
This IDC Perspective provides insights into modern authentication. Truth be told and apart from low-risk B2C situations, the road to a passwordless future is still smattered with a few remaining potholes and sharp turns. PKI certificates can help us steer clear of complex hygiene requirements associated with hard-to-guess passwords, but our private key component is generally rooted with an initial password during a registration process. Similarly, any lost certificates (something we no longer have) are typically recovered using a password or a PIN. Thankfully, neither of these situations require us (the users) to create and remember more than one or two basic constructions — a big win.
Also, classic objections to token-based authentication methods are for the most part no longer valid. Very few of us now spend any significant portion of our day away from a device that can easily serve as an authentication mechanism reading our fingerprints, face, or eyes or recognizing our voiceprints. We carry them around because they serve so many other useful purposes becoming the predominant means for running most internet apps, paying for coffee, and creating selfies. Pretty much all that's left is getting our respective governments to approve their use as a valid form of ID card or driver's license and a passport or proof of citizenship documentation.
This document is one in a series of reports in which IDC examines the future of trust. "Trust" the condition that enables decisions to be made between two or more entities that reflects the level of confidence (risk and reputation) between parties. Trust introduces new variables that go beyond the traditional idea of "security," to include "risk," "compliance," "privacy," and even business ethics.
"The extinction of the passenger pigeon was unfortunate; the extinction of the password, however, is long overdue. Passwordless authentication is modern authentication for a modern time. Any other conclusion is delusional," according to Frank Dickson, program vice president, IDC's Security and Trust research practice.