National Identity Management Day recognizes the importance of managing and safeguarding personal identity information. Identity theft is a major concern in today's digital age, and this day serves as a reminder to individuals, organizations, and governments to take proactive measures to protect sensitive information. By promoting awareness and education on the proper handling and protection of personal information, National Identity Management Day aims to reduce the risk of identity theft and fraud, which can have serious consequences for individuals and society as a whole. It also highlights the role of identity management systems in promoting efficiency, accuracy, and transparency in various sectors, such as healthcare, finance, and governance. We heard from top identity security and verification experts from around the industry on what organizations should be doing to ensure they are protecting digital identities and access.
Peter Barker, Chief Product Officer, ForgeRock
“The traditional username-password login model is fundamentally flawed. Last year alone, more than 2 billion usernames and passwords were breached, and 50% of records breached were caused by unauthorized access. Not only are passwords a major security risk, they also hinder productivity and efficiency, leading to lost ROI for organizations seeking profitability more than ever before.
It’s time to embrace passwordless authentication, abolishing traditional passwords once and for all. While many claim passwordless is in the distant future, the reality is that the right identity partner can make it a reality, right now, for both employee and customer end users.
Passwordless authentication replaces traditional passwords with more user-friendly, secure methods, ranging from biometrics, authenticator apps, and certificates. This Identity Management Day, let’s say goodbye to passwords, and embrace a world where we never have to log in again.”
Stuart Wells, CTO of Jumio
“Identity Management Day underscores the importance of protecting our digital identities now that identity-related data breaches are becoming more frequent. Organizations, and the public alike, must adjust to the current cyberthreat landscape and take action by securing and responsibly managing their digital identities. After all, identity-related information remains one of the most coveted data by hackers and commonplace security measures like passwords, two-factor authentication and knowledge-based authentication are no longer enough to keep data safe. Although cybersecurity is enhanced and developing daily to safeguard data, cybercriminals continue to find new and better ways to access it.
Business leaders and IT decision-makers must remain aware of hackers’ new and innovative techniques to steal data. Now, more than ever, is the time to implement stronger security to protect identity-related information. For example, identity verification solutions supported by biometrics can ensure that the user attempting to access an account is who they claim to be. By using biometrics to accurately verify users, organizations can help keep digital identities and data out of fraudsters’ hands.”
Rod Simmons, vice president of product strategy, Omada
“There’s no doubt that companies face greater cybersecurity risk than ever. Most people think of this risk as coming from malicious outsiders bent on breaching their network and stealing their data. That’s often the case, but risk also comes from within when proper security controls aren’t in place. This can be due to a culture problem.
To really strengthen defenses for the long term, you need a strong corporate culture around security. The objective is not to turn every employee into an IT expert, but to raise overall awareness of how their actions can help safeguard the organization. By instilling the notion that security is a shared responsibility across the entire company, rather than solely a concern for the IT department, all employees can better appreciate the role they play in protecting the organization's interests.
Technology can’t fix culture. Only an organization’s leaders can do that, and they have to take a strong and proactive, top-down role in transforming a weak security culture. Change starts with fully understanding the importance of identity management to the organization overall. Enterprises need to make sure they have all the necessary capabilities in place to ensure success, because there are possible traps that need to be avoided, such as not including the appropriate stakeholders, the absence of best practices, being too ambitious out of the gate, and underestimating the significance of data quality.
Identity governance and administration (IGA) is key to this. You need to know who has access to what, and why, to create a sturdy foundation for a stronger culture of security.”
Sameer Hajarnis, Chief Product Officer, OneSpan
“Today everything is digital — work, shopping, even your wallet — and there’s one thing that secures you throughout your digital life: your identity. But digital identities are broadly defined, including everything from your username and password to your gender, address, and date of birth. Think about it: Every time you input your address into a website when shopping online, you’re sharing part of your digital identity.
We are constantly sharing these attributes that make up our digital identities, and this will only expand as we do more things digitally. But this also means that threat actors can more easily commit identity fraud and create synthetic identities. These synthetic identities have the ability to disrupt people's lives and the way we do business. Consider, for example, that AI tools can be used to generate authentic-looking fake passports or ID cards that can bypass authentication and verification platforms.
What this tells us is that we need to be thinking about what’s to come and stop being responsive to changes in technology. What we need is to be thinking about how we can protect a business and a consumer’s digital identity. This means implementing a system where digital identities are provisioned in a secure way and can only be unlocked with a strong user authentication in place. Not only does this protect digital identities from abuse and fraud, but it also limits the amount of identity attributes users need to share. Instead of sharing every piece of personal information, users would only be disclosing the minimum information required to get the job done. This is how we will protect and secure digital identities as we embrace web3.”
James Lapalme, VP & GM of Identity, Entrust
“The pandemic ushered in an accelerated wave of digital transformation and as the world went remote, the demand for high-assurance secure solutions skyrocketed. However, with increased digital interactions comes an even greater risk of cyber threats and fraud, which means many of the current security solutions for identity management are no longer effective. Passwords, which have served as the standard for protecting digital goods and services since their inception in the 1960s, are high customer friction, insecure and becoming obsolete at best. In fact, 51% of people reset their password at least once a month because they cannot remember it, and according to the U.S. Federal Trade Commission, 2.9M fraud reports were filed as of 2022 and identity theft was the number one category for consumer complaints. As the trend towards digital transactions continues to increase alongside security threats, there’s an urgent need for new identity management and protection strategies and technologies to enhance security.
When it comes to multi-factor authentication (MFA), too many enterprises still use single-factor authentication and have an over-reliance on one-time passcodes. Yet, organizations should leverage high-assurance passwordless MFA solutions that include physical proximity factors and certificate-based authentication to protect against remote account takeover (ATO) attacks. For a more comprehensive approach to security, companies need to embrace and adopt a Zero Trust strategy. Adaptive risk-based authentication is central to a Zero Trust framework, providing continual contextual awareness of user and device behavior. This can include multi-factor authentication, single sign-on, passwordless login and more. While Zero Trust implementation is a journey, by taking an identity-centric approach to Zero Trust, companies can take a step in the right direction to maximize security while minimizing unnecessary friction – and begin to fill in the gaps they have in their networks that are making them less secure.”
Viktoria Ruubel, Managing Director of Digital Identity, Veriff
“The concept of ‘digital identity’ has evolved tremendously over the past decade, and the explosion of digital platforms has led to today’s online users having countless digital identities. It wasn’t until recently, however, that users became both aware and concerned about the amount of personal data being collected and shared by third parties online. As privacy concerns for both users and businesses become top-of-mind and technologies advance, we’ll see the next generation of identity verification come to the forefront. This will come in the form of reusable digital identity that enables individuals and businesses to securely re-use a trusted digital identity across multiple online platforms and applications, creating more trust and better experience, and leading to less time and money spent by businesses in the process.”