Identity as the new security boundary

 Not so long ago a PC was safe behind a firewall. The idea was that the physical infrastructure of a network would be enough. Anti-virus and anti-malware products sat on PCs to protect users.

Then hybrid working came along. Digital nomads who could connect to networks from anywhere. New startups had users connecting to web based applications. People were bringing their own devices, tablets, phones, projectors and so on into the workplace. Security has now started looking at people. Microsoft call this zero-trust. You don’t just trust someone because they can login. You have systems that secure identity itself.

There are three steps to identity security. 

1.The credentials that give you authorisation. For most people this is an account identity and password. Often the identity is an email address or some public identity. This leaves the account secured by password. The strength and complexity of the password protecting authentication.

2. Authorization is the next step. What you can access with your authenticated identity.

3. Finally, continuous verification. Is your identity still valid and do you still need access to a specific service or resource?

Identity is now on the front line of information security. This is why multi-factor authentication (MFA), also called two factor authentication (2FA), has come to the fore. The weakness of passwords make them easy to hack or potentially easy to persuade people to hand them over. Not only is this bad for work but it also bad for consumers that are scammed by a variety of methods.

We now are heading for the age of passwordless. Not everywhere. Not for everyone. There are plenty of older systems out there that are going to need passwords for a long time. Users of systems are now the weakest link in security.

In a great fanfare Apple launched Passkeys. In the way that Apple do things it was presented as a technology Apple just invented. However, both Google and Microsoft have implemented it. It also needs to be supported by web browsers.

Essentially when you try to log onto a website or other resource you are met by a QR code. You scan this and a private key is created on your device and subsequently you will access that site without a password. Apple will be storing these keys in it’s keychain and Microsoft in its authenticator app. You can generate on device keys for Windows, MacOs, IOS and Android.

With passwords gone then security is now in the hands of users. There is also the move by governments to have secure digital identities to access government services. In the UK the GOV.UK Verify service. Some countries, like Estonia, align digital identity with national ID cards.

The security paradigm has moved from services just having passwords inside a secure network to now having complex keys that users don’t have to remember but are less easily hacked. Over the next few months web browsers, apps, services and operating systems will move to passwordless.

Comments

Post a Comment

Popular posts from this blog

Powershell Symlink to Onedrive

Image
I have more than one PC. To be precise, and overly pedantic, 3 Windows 10 laptops. All are slightly different and of various ages. One I use with a Windows 10 Insider Build to keep up with the next thing coming down the pipeline. On each, I do a bit of Powershell . Powershell is the latest generation of Windows command line tools. The Linux enthusiast would look down on the Windows command line of whatever generation but Microsoft has always provided command line tools. In the early days MSDOS was a command line OS. It did little but create directories (folders), copy, move or delete files. It ran “command.com” which some said was just a basic file system manager and way of loading programs into memory. It wasn’t difficult to disagree. Developers brought out alternatives to this such as 4DOS , literally “for dos”, by JP Software . They also produced 4NT, which enhance the Windows NT command processor and 4OS2. The latter was for the IBM OS2 Operating System of the late 80s and ea
Read more

Being progressive rather than universal

Image
Microsoft was not short of ambition for its tiled interface and One Windows strategy . Microsoft was doing what no other tech firm had done - uniting mobile to desktop/laptop PCs in one experience. Apple had two OSs available - IOS for phone/tablet and OSX for its desktop/laptop users. They were different and had different interfaces. Google had two OSs - Android for phone/tablet and ChromeOS for its Chromebook devices. Of course, even One Windows doesn't mean exactly the same OS but it does mean components have such similarity that the interface appears the same to users and, with little modification, apps can run on all platforms. Unfortunately, the app platform UWP (Universal Windows Platform) was hobbled from day one. Microsoft had a poor quality application store, ever-changing developer tools and standards and a Store that only worked (on the PC side) for Windows 8 and latterly Windows 10. While people used legacy versions of Windows such as Windows 7 and XP t
Read more

Digital Gold

Image
A while a go I bought the book Digital Gold by Nathaniel Popper . It turned out to be a pretty good read overall. This is not a technology book in the sense of explaining Bitcoin or cryptography. Instead it is driven by the 'story' of Bitcoin. My interest is primarily in the technology but I also understand that to varying degrees people are also interested in the economics and politics of it. The book reads a lot like the history of the Internet or the development of the Linux OS. By that I mean it starts off with some 'out of the box' thinking and gradually gathers interest to the point at which it draws in a wide range of characters. So if you go back to 1995 you will find a number of people telling you why the Internet would fail .  I mention this because reading the book was a bit like reading about email in the 1980s, the Internet before web pages existed, Linux in the early 1990s. So as well as being told the Internet would not catch on, no-one would ever
Read more