Forging a passwordless digital identity


The news broke this week that, according to Computing, “Google has removed nine malicious Android apps from the Play Store after finding they were stealing users’ Facebook login passwords.

The apps were disguised as photo-editing, astrology, optimiser, and fitness programmes, and enjoyed high popularity: they had more than 5.8 million downloads between them.”

Let that sink in: a potential 5.8 million Android users are now at risk of having had their Facebook login details stolen and sold on the black market, all because they downloaded the wrong apps on their phones.

Sadly, there’s little about this that feels unusual: it seems like stories like this emerge every week. And while the prospect of having personal login information compromised is scary enough for those of us with more online accounts than we can count, for businesses the risk of password theft can often be especially severe.

So when are passwords finally going to die – and we move onto a solution that can’t be so easily exploited by criminal actors?

Fortunately it’s a problem currently being tackled by a host of innovators in the identity management space, including the likes of Vancouver-based Trulioo, which recently reached unicorn status following a huge $394M Series D funding round, and Transmit Security, which in the past month raised $543 million in the largest Series A funding round in cybersecurity history.

The pandemic has hugely accelerated the need for identity management. With so many more employees now working remotely through various different devices; consumers accessing online content in much higher volumes in lockdown; a sharp rise in hackers accessing networks via compromised login information; and a rise in the use of contactless technologies (to reduce risk of touching surfaces), the IAM (Identity and Access Management) industry is booming. Even principalities like Monaco are creating digital identities for every citizen – we can expect this to become more common in other countries from now on.

But while enterprise businesses know they need to invest in identity management, many are simply trying to adapt legacy systems, which isn’t working and is leading to what ForgeRock calls Identity Governance Fatigue.

By helping enterprise businesses enable secure access to online services and apps, IAM vendors enable better understanding of customers which then translates into a better experience for all. The challenge for the industry is to effectively educate businesses on the benefits of investing in IAM, which extend far beyond security and help improve the user experience for workers, give consumers better, more secure access to content and bring the Internet of Things to life. The message isn’t purely about protection, it’s about innovation.

We think Digital Identity should be a hot topic across the entire C-suite right now – if you agree, let’s chat! [email protected]