Changing Authentication Paradigms: The End of Usernames and Passwords?

AuthenWare's Daniel Caselles discussion authentication, security, and how his company is about to overhaul the paradigm.

Usernames and passwords have been the paradigms of user authentication for decades. But as technology evolves and concepts like the Internet of Things appear on the horizon, the issue becomes much more complex.

AuthenWare is focused on biometric technology for system authentication. The Argentina-born business now installed in Silicon Valley was named one of the most innovative companies in South America in 2013. It is now looking to overhaul how user authentication in the world works.

Daniel Caselles, co-founder and CTO of AuthenWare, will soon host a chat on the future of authentication and introduce a proposal that stands to overhaul the industry.

The world of engineering and developers in Silicon Valley is more about sharing than competing, and in that sense, we want to share this proposal. We’ve got the chance to propose an international standard that could change the way we authenticate today,” he explained. “With authenticate, I mean explaining to any information system that you are who you say you are.”

An Obsolete Standard

Fifty years ago, the username and password paradigm was invented at MIT – a brilliant creation at the time. “Today, you’ve got to deal with dozens of usernames and passwords, and if every site decides to include secure authentication, you’ve got to handle dozens of usernames and passwords as well as dozens of questions and responses. It’s not a sustainable scenario, and it needs to be rethought,” Caselles reflected. The problem has become chaotic:

What would happen if you went to the bank, had to register your signature, and were required to include in your signature at least two circles and three points? You would engineer your signature to meet those conditions. If you then went to another bank and were required three horizontal lines, and at the notary office required other conditions, it would become insufferable. At some point, you wouldn’t know what your signature is. You’d have one for each entity with which you have a relationship. That’s the mistake we’ve made with IT, and it’s a mistake we’ve expanded. And now, it’s a tough monster to deactivate.

Caselles provided an example. “We work with banks, and those banks are concerned with how to provide security for their sites. They’re not trying to impose more conditions on you or waste more of your time to increase security, but their attempts go against usability. The end result is either a nightmare or vulnerability,” he explained.

A Change of Paradigm

AuthenWare will present the proposal to the Silicon Valley chapter of the IEEE, the world’s largest professional organization for the advancement of technology.

Our proposal is to return identity to individuals, the factors of authentication. We’re presenting an international open standard for each person to have an authentication wallet, a wallet of authentication factors you take with you,” Caselles outlined.

With the wallet, individuals will have just one password, pin, set of questions and answers, biometric registration, etc.

“For any site you relate with, you say, ‘I use Google wallet or AuthenWare.’” What the site does to verify that you are really you is to ask whoever manages your wallet to confirm your identity with a certain level of security. The wallet provider, according to the level of security required, asks the person to confirm their mobile phone, Google Glass or smart watch – because this is very in-line with wearable devices – and the traditional channel is broken. If I’m going to withdraw funds, the machine won’t ask me for a pin but instead another party, another channel, for example, AuthenWare, which at the same time confirms the user,” he said.

The future is a world in which people interact with everything that surrounds them – smart buildings, alarms, smart cars – and not just a website. And such a scenario requires confirmation that someone really is who he or she says.

The challenge of authentication is bigger than ever. What we’ve changed is the paradigm. Instead of every institution and entity having to solve the security problem, we derive it to another instance that includes a wallet and the user,” Caselles remarked.

The company’s solution will be proposed as an industry standard, which would imply the emergence of competitors in a new niche. But AuthenWare isn’t worried about competition – in fact, quite the opposite. “What we want is for this to be an open standard for the industry for everyone to share, something compatible with all systems. What we want is to make a contribution to the world of authentication,” he concluded.

This text has been adapted and translated by Emily Stewart from its original Spanish publication