#Identity Technology

Passwordless authentication for connected identities

Technical Innovation
5 Mins.

Users are becoming increasingly overwhelmed with the plethora of passwords used in both personal and professional lives. At the same time, companies struggle to integrate and scale authentication solutions to different security levels. This raises the question: are passwords really the most secure or user-friendly form of authentication?

Over 80% of corporate data breaches are caused by stolen or weak user credentials.1 Such a data breach can cause businesses to lose half of their customers.2 As we must remember, store, or recall so many passwords for an ever-increasing number of digital accounts and services, it is only natural that so many people turn to repeated or simplistic passwords. In fact, 59% of consumers use the same password for multiple accounts3, and the password “123456” is still used by 23 million account holders.4 This proves that passwords are evidently an insufficient means of digital access management. In the age of IoT integration, authentication of our digital identities must also become more sophisticated, connected, and convenient.

With drastic increases in the use of home offices due to the COVID-19 pandemic and significantly more of the workload being conducted in the cloud, the security of our digital identities has never been more important. We are also inching closer to connected cities, which will require centralized, federated, user-centric, and self-sovereign digital identity. According to UNESCO, 70% of the world’s population will reside in urban areas, which will mostly comprise smart cities, by 2050.5 To connect citizens with basic smart services – from  health to public transport to payment services – seamless, secure, and connected digital identity tools will be key. Passwords will simply not be able to provide the necessary integration for digital identities in smart cities.

Passwordless authentication use cases

Woman’s hand using key fob to access enterprise building
The StarSign® Key Fob offers enterprises secure, seamless and scalable authentication solutions that go far beyond passwords

Solutions for authentication of digital identities must be highly secure, ensuring privacy and data protection. At the same time, they must be convenient, scalable, and easy to use and manage. Enterprises should not be forced to choose between security and user experience, as both of these elements are crucial for large-scale applications. Instead, passwordless solutions should meet at the intersection between the two. There are a range of passwordless authentication methods currently available. Some of these include biometrics such as face, fingerprint, or iris authentication to enter an office building; one-time passwords (OTP), multi-factor authentication (MFA), or the use of a magic link to log on to restricted systems; or the use of near-field communication (NFC) for payments . However, used in isolation these methods may have limitations in security or in certain complex applications.

G+D’s StarSign® Key Fob is the first biometrics-enabled, Fast IDentity Online (FIDO) security key on the market. It combines built-in biometrics, strong multi-factor authentication, a tamper-proof secure element, and a multi-channel interface. The crypto hardware token features an integrated fingerprint sensor that allows users to quickly and reliably authenticate themselves, removing reliance on passwords. This allows it to provide secure authentication for access, approvals, and payments, and to be used on different platforms with Bluetooth, USB, and NFC. With an easy plug-and-play setup and support for multi-user and multi-account scenarios, it can easily be used at scale. The StarSign® Key Fob is PSD2-compliant and is FIDO-enabled for cutting-edge interoperability and compatibility, able to be used out-of-the-box in any customer environment. According to Ferdinand Burianek, Head of Domains Public Sector, Transit and Enterprise at G+D, “The StarSign® Key Fob allows for highly secure, frictionless, and passwordless authentication. By covering numerous essential use cases in enterprise environments, the solution lies at the intersection of security and convenience.”  

Collaboration leads to connectivity

The FIDO standards are authentication protocols focused on optimizing both security and the user experience. The FIDO Alliance is a group of global tech leaders across payments, telecom, government, and healthcare industries, aiming to reduce the world’s reliance on passwords.6 As a member of the FIDO alliance, G+D is part of defining new standards and promoting innovative technology to advance authentication solutions. In enterprise applications, FIDO allows users to simultaneously possess authenticators for different devices, such as a laptop and a mobile device. A FIDO-enabled ecosystem allows enterprises to modernize and integrate their authentication solutions, as business processes continue to evolve to online, cloud, and mobile services. FIDO authentication also extends to healthcare, insurance, financial services, and government. In each case, the FIDO standards eliminate the risks associated with weak or stolen passwords, by using secure user authentication that is also fast and convenient.

“We must define a very user-centric identity that has privacy, security, government backing, and private-sector backing“
Charlie Walton
Senior Vice President of Digital Identity Products, Mastercard

At G+D’s Digital Client Exchange event in November 2020, Charlie Walton, Senior Vice President of Digital Identity Products at Mastercard, said in a video interview that digital identity is not singular, but rather involves a collage of information. He believes that when it comes to digital identities and authentication, collaboration between governments and the private sector delivers the best results. “In the future, static-oriented identity data, biometric data, and dynamic data will come together to create the collage that helps to define a very user-centric identity that has privacy, security, government backing, and private-sector backing.” 

As we move toward smart cities, the idea of a portable, secure digital identity – which the user controls but a central service manages – becomes not only practical, but highly necessary. This will ensure seamless digital and physical experiences in both our personal and professional lives. Such frictionless experiences require a move away from inconvenient and insecure forms of authentication, such as passwords. New authentication methods that involve collaboration from private-sector and public-sector parties, and which enable integration for the user, will define the future of digital identities.

  1. “Are pwned passwords putting your business at risk?” Infosecurity, 2019

  2. “Businesses can lose half of customers after a data breach,” Business Insights, 2019

  3. “59% of people use the same password everywhere,” Security Boulevard, 2018

  4. “Password statistics for 2020,” DataProt, 2019

  5. “Smart Cities: Shaping the Society of 2030,” UNESCO, 2019

  6. FIDO, 2021

Published: 25/02/2021

Share this article

Subscribe to our newsletter

Don’t miss out on the latest articles in G+D SPOTLIGHT: by subscribing to our newsletter, you’ll be kept up to date on latest trends, ideas, and technical innovations – straight to your inbox every month.

Please supply your details: