Identity, Industry Regulations

Watch: Moving beyond IDs and passwords to authenticate identity


As the coronavirus pandemic accelerated the migration to the cloud, the identity and access management (IAM) tools companies used also had to change during this digital transformation, said Bob West, chief compliance officer for they payment app Metal. Some of those changes include moving away from IDs and passwords, a topic that has been discussed for over 20 years.

“We’ve reached this tipping point where there’s been this imperative to accelerate this digital transformation and identity tools that compliment that digital transformation,” said West.

Identity and access management is important in the current cybersecurity climate to prevent account takeovers, which often indicates a ransomware attack, he said. Another challenge is navigating regulations and privacy issues, including with the Sarbanes-Oxley Act and GDPR in Europe.

As organizations move to passwordless authentication, West said multi-factor authentication is clunky and open to man-in-the-middle attacks. Biometrics, however, is at the point where it not only facilitates authentication, but enhances the user experience. 

The next generation of biometrics will allow IAM to go beyond IDs and passwords because they reside outside the infrastructure, which is also a problem with magic links or one-time passwords since they also could be leveraged in an attack.

Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.