Video: CIAM Q7

What alternative authentication methods, other than user name, passwords, SMS and Socials, exist and are they worth using and in what combination?







VIDEO TRANSCRIPT

Next question we've got is what alternative authentication methods other than username comma passwords sms and socials exist and are they worth using and in what combination andreas do you have a viewer

 

Yeah it's yeah it's really important uh especially uh everything which you have with social social login so using you combine that with your facebook stuff have um have the ability to use the apple id and stuff like that it's really important to have the entry barrier as low as possible and if people trust as an example facebook or or apple with their ids yeah they should be they should use that yeah so i think modern solutions solutions that should be easily easily adopted need to need to have that yeah and i can't say you have to you have to implement everything what's possible because there will be a user that has some thing and you should you should also make it easy for him to access the systems so i would say alternative methods um are really important everything what we see with social out there is a must for a good solution

 

All right Coz do you agree with that

 

On my personal wearing my personal hat i totally agree with andreas working with my corporate hat and having the weight of security on my shoulders and that that that's driven by a different direction you know they're they are completely against using any form of social access control so for us what we what we use it as an alternative we use device trust so we ensure that your device is a corporate device that allows you to access our system we use like ip whitelisting for some of our hr and sas based applications so unless you're coming in on vpn in a particular uh in our white-listed network you won't access our our systems um but yeah i i i mean you know i said with my personal hat i'll take andreas's view and i think those sort of barriers to entry and using social uh social accounts to gain access systems is good enough but you're on the financial security side no we're not we're locked down to uh some sort of you know networking and device trust specifics i'm sure i'm not alone in that

 

Fair enough andy do you want to weigh in on this one

 

No Coz you're most definitely not alone on that one um a particular pattern i'm seeing at the moment is starting with that corporately acceptable set of authenticators so what do we need as a organization to be able to trust this relationship so that might start with the username and password but then allow the user to opt in for a multi-factor or an alternative authenticator if they have them available so i know certainly i go around and turn web off n on on as many accounts as i can find that it's available because i have that hardware available and we're seeing that bowling out to more and more users now with things like windows hello touch id those are web authoring under the covers but the user doesn't need to know that's what's happening it just says oh yeah touch my laptop right i'm in i don't need to know about that i think where it gets really interesting is if you take that to an adaptive stage and say actually it's andy logging in from the device he last used the ip he last used at the time that we know he regularly interacts with our service we can change the authentication journey for that user to give them a more seamless experience and then if i go and do something sensitive i might want to re-authenticate that users to raise that level of trust.