IT Briefcase Exclusive Interview: The Current State of AuthenticationJune 13, 2018 No Comments
Featured Interview with Alexey Khitrov, CEO, ID R&D
With the explosive growth of the IoT market and the ubiquity of smartphone apps with access to personal and sensitive user data, it has become crucial to ensure that user authentication is secure, accurate, and immediate. Today we talk with Alexey Khitrov, CEO of ID R&D, about his perspective on the current state of authentication, and what smart businesses can do to protect customers’ security while simultaneously making users’ experience less painful and frictionless.
- Q: What are the most critical issues around authentication in the IoT and mobile markets now?
A. For a long time, both industries have struggled with sacrificing security for convenience. The growth of connected devices and apps has brought a correlating growth in attacks – a recent Gartner survey revealed that nearly 20 percent of organizations experienced at least one IoT-based attack in the past three years. And that’s only expected to grow. At the same time, the marketplace is flush with lower end IoT devices that favor a simplified user experience over proper security measures. While this allows consumers to activate their internet-connected products with zero friction, this lack of security also means that hackers often have little resistance to accessing and hijacking these devices themselves. For mobile apps and cell phones, many users deploy the barest of security measures in order to have a pleasant experience. Many users are allowing their most personal and critical information – contacts, financial records, private correspondence and more – to be protected by little more than an easy-to-remember (and hack!) password in favor of efficiency and a pleasant experience. And few IoT devices are manufactured with a screen, or even an interface for a user to engage with. As the industry moves more toward conversational interfaces, there’s a glaring lack of security limiting IoT usability for monetary transactions and the personalization of services.
- Q. What about a more complicated password? Isn’t that sufficient?
A. Indeed, passwords remain the standard security measure currently used across the technology industry. But they’re also becoming less effective in securing access while at the same time becoming more complicated and painful in terms of the customer experience. Forgetting your password requires a number of hoops of reset emails and security questions, an onerous and frustrating experience that can be derailed by a mistake in capitalization or a change in favorite, color, movie, etc. Because it’s easy to remember, many users use personal information, but if bad actors get access to passwords or information used for knowledge-based authentication, they essentially have a key to every site or app you use. With the average user managing 90 password-protected accounts online or on a mobile app, the most vigilant among us would have a full-time job keeping track of unique passwords. On the business side, there is an entire industry dedicated to Password Reset at no small cost to a company. All in all, passwords are increasingly a poor candidate to secure the IoT and mobile devices from both a UX and security perspective. This is why enterprises across industries are seeking superior methods for authenticating users.
- Q. What do you see as the future for authentication?
A. Multi-model, biometric security measures. And really, biometric security measures are already becoming both commonplace and familiar. iPhone owners that began unlocking their phones with their thumbprints a few device generations ago are now doing so via facial recognition. Beyond facial recognition, Siri, Alexa, and other voice-activated tools have helped consumers grow accustomed to speaking with their technology, which is accelerating the pace for voice-based authentication as a mainstream security solution. Our focus is proprietary AI-based development – that’s where we see the industry moving. By relying more on passive authentication, and replicating a friend-like experience where your devices and apps instinctively “know” you, authentication UX will fade away and people will be able to use services, securely, without even thinking about it. This works especially well when with a conversational interface and in the IoT.
- Q. Why biometrics?
A. Biometrics are particularly well-placed to become the default in both IoT and mobile. Businesses are increasingly focused on delivering a great UX and realizing that can’t be limited to only after a customer has logged on. We think that most businesses are accepting that customer experience should be similar to an exchange between two friends – rather than simply one between buyer and seller. The best brand experiences feel familiar and easy – friends don’t ask you for a password when they greet you, they know you by your voice and your face. The adoption of biometric authentication for businesses creates a more seamless and natural experience, whether that’s a consumer device adjusting automatically to a user’s preferred temperature or a customer able to transfer money between investment and checking accounts through a voice interface on their phone.
- Q: Beyond convenience – can biometric authentication really deliver robust security?
A. Absolutely. In addition to delivering a seamless experience, several technical advances make biometric security the go-to option. First, biometric security algorithms are getting smaller and more efficient, such that 2MB algorithms can securing IoT and mobile devices. Second, these algorithms are also getting smarter. For example, today’s biometrics can differentiate between your actual voice and a recording of it, or can distinguish between the way your hand operates your cell phone and the way someone else does. We are talking not just about biometric matching, but rather a comprehensive security solution that among other things can not only match biometric data, but also protect against spoofing attacks, such as those replaying audio clips with voices and showing photos or videos to gain unauthorized access. Biometrics prevent breaches through unique and personal identification technology that was unthinkable even just a few years back.
- Q: What role does ID R&D have in the biometric ecosystem?
A. We provide multi-modal biometric security solutions. It’s an exciting space that’s only going to get hotter. ABI predicts that the biometrics market revenue will grow from $26.6 billion in 2016 to $44.5 billion in 2022. We’re definitely seeing increased interest, especially from enterprises. In the last six months, we’ve become part of the Google Cloud for Startups program, been named a top 10 AI startup by Microsoft in its AI Innovate global competition, and announced availability of our products on the Samsung SDS Digital Identity Platform. We attribute that to the growing recognition within the wider tech industry that the long-used password system cannot match the level of security and ease that biometric authentication can deliver.
Alexey Khitrov is president and CEO at ID R&D, an award-winning biometric solutions provider offering proprietary AI-based behavioral, voice, and anti-spoofing user authentication capabilities. Prior to ID R&D, Alexey was the president and CEO at SpeechPro, a provider of speech recording, processing, analysis and voice biometrics. Before SpeechPro, Alexey was with BMO Capital Markets, a leading Canadian investment bank, where he worked with a variety of financial products and client groups. Alexey holds an MBA degree from Schulich School of Business (York University, Toronto, Canada).