MFA Was Never Enough

2017 saw the launch of our bottom-up redesign of the authentication capability within Access Management. Our previous functionality focused on linear authentication chains. While this provided considerable power and maturity, we knew many customers wanted more. We started analysing the market and working with key customers and analysts back at the start of 2016. We took a root-and-branch approach and released our intelligent authentication trees feature later in 2017. The premise was simple: MFA was not enough, and we saw a common pattern where customers wanted 8, 10 or 15 different “factors” or signals in their user login journeys. Adaptability and agility were now as important as security.

Security + User Experience = Intelligent Authentication

Intelligent Authentication provides a rich digital canvas where login workflows can be created and managed intuitively. A collection of authentication components forms a “tree” with many different permutations and “branches” that dynamically respond to the user and context being processed.

But not all signals or “nodes” are purely related to security. The end user consuming a service or application is a critical stakeholder in how it should be designed and operated. Sign-up and sign-in features need to be unnoticeable. To quote Coco Chanel: “Dress shabbily and they remember the dress; dress impeccably and they remember the woman.” Deliver a poor end user login process and you immediately create a barrier to the service or application you are trying to build trust with.

5 Steps to be “Authenti-great”

But what were the problems we were trying to solve? Every ForgeRock customer uses authentication. Every (OK, nearly every) web service out there requires authentication of some sort - even anonymous authentication is not really anonymous. So what is intelligent authentication fixing?

  • Improved end user choice - as an end user I want much more control over how I am identified - which device I use, which MFA option I want to use and when and so on.  Can that be done dynamically and responsively?

  • Improved device analysis - as both an end user and security administrator I want to provide flexible login journeys that vary based on the device being used - a mobile login experience should differ from a laptop one. An Android experience may vary compared to iOS with Face ID, for example.

  • Improved threat detection - both end users and service owners want trust - trust is built on security, and a key component is being able to integrate malware and botnet detection systems. Can this be done as a business-as-usual configuration exercise? Can actors be identified as human or machine? As trusted or untrusted humans?

  • Improved insight - as login is such a critical component of an app or service, how can user and device insight be used to increase personalisation or create adaptive experiences? Can you articulate, for example, how many users in EMEA log in via Android or Chrome v66? Or, do abandoned shopping carts correlate to the login process taking more than 2 seconds?

  • Improved agility - whatever biometric or MFA is chosen today, tomorrow something new will come along. How can CISOs plan and allow business-as-usual changes to the authentication landscape? Tight coupling and binding of authentication modalities is expensive and increases vendor dependencies and rigidity.

A new array of use cases, stakeholders and decision makers are now involved in the login design process.

What Next?

Start to understand not only your authentication requirements today, but also your roadmap of future requirements - not only for your end user community but for your applications too.

The Intelligent Authentication video series will help you to understand how intelligent authentication can accelerate end user integration, improve security posture and provide a future-proofed digital canvas that application and service owners can build upon.

Who Is Simon Moffatt?

Who’s Simon? Simon is a technical product dude here at ForgeRock. He has 16 years working in the identity game at companies like Oracle, Sun Microsystems, and Vaau. At ForgeRock, he helps to design new products - specifically in the Access Management space. Not only is he ambidextrous, but he can design with both hands...oh wait.
