The Chief Global Strategy Officer for ISACA, one of the world’s most prominent cybersecurity organizations, is calling for the use of biometrics and artificial intelligence to phase out password-based authentication.
In a Forbes Technology Council article, Chris Dimitriadis argues that the prevailing “over-reliance on passwords is likely unsustainable”, citing the burden it places on end users and the “rising sophistication of cyberthreats”.
“Passwords have played a central role in cybersecurity for many years, but they are no longer adequate as a sole form of authentication in an era of AI-powered threats, brute-force attacks, credential stuffing and password overload that many users experience,” he writes.
Biometrics, meanwhile, “can improve user-friendliness, especially when part of a multifactor authentication approach,” while emerging AI technologies offer new tools that can help to further bolster authentication security. “By applying its pattern recognition capabilities to high volumes of data, AI can set in motion adaptive authentication and anomaly detection and allow for real-time detection of any red flags,” Dimitriadis argues.
It’s essentially an argument for dynamic, risk-based approaches to authentication that bypass the old paradigm of a binary, “yes-or-no” system in which a password is either correct or not. And it’s coming from a representative of a particularly influential institution.
Founded in 1969, the Information Systems Audit and Control Association provides certifications, educational resources, and community support to professionals involved in managing, securing, and overseeing information technology systems. It’s known for certifications like the Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM) designations, and for publishing research, frameworks (like COBIT), and best practices that organizations and professionals worldwide use to enhance their cybersecurity, compliance, and risk management strategies.
Dimitriadis’ advocacy could therefore help to further promote the use of biometrics and AI as organizations seek to “modernize their approach to authentication.” But they are not silver bullets, and Dimitriadis argues that AI, in particular, “requires ongoing and intentional governance”. Quality data must be used, and AI policies and training need to be put in place.
“Embracing the capabilities of emerging technologies, including diligent oversight of the related risks, is the most promising path forward,” he concludes.
Sources: Forbes
–
October 7, 2024 – by Alex Perala
Related News
ID Tech Digest – October 7, 2024
Neglected ‘Alpha’ Channel Opens Door to Attacks on Computer Vision Systems: UTSA Researchers- HYPR, Crowdstrike Team Up on Risk-based Authentication
Identity News Digest – May 7, 2024
Big New Appointments at the Pentagon and the STA – Identity News Digest
Adani Group, the DHS, the GPDP, and More – Identity News Digest
Follow Us