Changing identity management methods – By Aditya Abeysinghe


Identity management

Identity management, also called Identity and Access Management (IAM), is used to prevent unauthorized access to a resource. The term describes a range of methods that identify and authorize people, groups, and apps using access management rights. With IAM, only authorized people, groups of people, and external services can request or use a service or product, which could reduce attacks on data, applications or services, and hardware. Identity management is only a defense that minimizes attacks by preventing unauthorized access, and it is often added using an identity service and an authorization service.

Traditional IAM methods

Signing in with a username and password has been the typical method to authenticate users. It is still the most used method for authenticating users to products and applications. How a user is authenticated with a username and password differs based on whether it happens within a device, within software, or within a remote environment. However, this method often poses a risk to a resource if the username and/or password is attacked. Many methods have been used to overcome the issues with it.

Changing identity management methods

 

Using an additional method to authenticate users is one way to overcome issues with usernames and passwords. This is often called Multi-Factor Authentication (MFA) and is often used with a code that is sent in a text or email message. MFA is the main additional method in systems that use a username and password for user identity. Many other MFA methods with higher security have also been used.

Tokens are typically the method used to validate web service or external service-related calls. With access tokens, data including user permissions, roles, and policies for the user request is sent by an authentication server to the user. An access token sent to a user contains the payload (information about the user, resources, and other data used for authentication), the header (data about the token type), and the signature. Tokens are often temporary and become invalid after a period.
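The token flow described above, as an added example that is not part of the original article: an authentication server issues a header.payload.signature token with an expiry, and the resource checks the signature, expiry and role before granting access. The JWT-style base64url/HS256 encoding, the claim names (`sub`, `roles`, `iat`, `exp`), the function names and the key are assumptions chosen for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # constructed sample key (assumption)

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_token(user, roles, ttl=300, now=None):
    """Authentication server: build header.payload.signature."""
    now = int(time.time()) if now is None else now
    header = {"typ": "JWT", "alg": "HS256"}  # data about the token type
    payload = {"sub": user, "roles": roles, "iat": now, "exp": now + ttl}
    parts = [b64e(json.dumps(p).encode()) for p in (header, payload)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64e(sign(signing_input))

def verify_token(token, required_role, now=None):
    """Resource side: return (allowed, reason)."""
    now = int(time.time()) if now is None else now
    try:
        h64, p64, s64 = token.split(".")
        # Check the signature before trusting anything inside the token.
        if not hmac.compare_digest(sign(f"{h64}.{p64}"), b64d(s64)):
            return False, "bad signature"
        header, payload = json.loads(b64d(h64)), json.loads(b64d(p64))
    except (ValueError, TypeError):
        return False, "malformed"
    if header.get("alg") != "HS256":
        return False, "unexpected algorithm"
    exp = payload.get("exp")
    if not isinstance(exp, int) or now >= exp:
        return False, "expired"  # tokens are temporary by design
    if required_role not in payload.get("roles", []):
        return False, "missing role"
    return True, "ok"

if __name__ == "__main__":
    tok = issue_token("alice", ["reader"], ttl=300)
    print(tok)
    print(verify_token(tok, "reader"), verify_token(tok, "admin"))
```

Because the signature covers both the header and the payload, editing the roles in a captured token without the key fails verification before any claim is read.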

New methods for IAM

Adaptive MFA is a new method used to authenticate users. With adaptive MFA, the method used to access resources can be changed. A common use is when a user accesses the same resource while travelling, while working on an organization's network, and from a remote location. With this type of user authentication, methods in addition to MFA can be used when a user is working from a location outside an organization, and easier sign-on methods, such as the use of identification tags after the initial login, can be used when inside an organization.

Biometric methods are also emerging as user authentication methods to access resources. Facial recognition, retina scans, and fingerprint mapping are some of the methods used. These are commonly used to reduce the hassle of frequently using username and password-based logins to the same device or application. They are often used in addition to a username/password or pattern-based method so that users can log in when biometric scanning fails. However, they are often more secure if the scanning is accurate, as it identifies the user rather than data entered into a resource.

Image courtesy: https://www.perfecto.io/
