This post is the second in a series of eleven articles I am writing about trends in the Identity Management industry. 

After all is said and done, Authentication continues to be right at the heart of Identity Management.  Determining whether the correct set of Identity credentials is presented, so a person or process can be granted access to the correct system, application or data, is critical to the integrity of the online experience.   Authentication is like the gatekeeper or enforcer who determines who gets in the door. 

1. Demand for strong authentication is accelerating as the sophistication and sheer numbers of people who would defraud or damage online systems continue to grow.  More effort is being focused on just how to economically, but securely, implement strong authentication methods to protect confidential information.
2. As the need for strong authentication grows, there has been considerable conversation about whether the pervasive use of passwords is headed for extinction.  Is the password really on its deathbed? In a Network World column posted earlier this year, Dave Kearns equated passwords to buggy whips.  In my response entitled Passwords and Buggy Whips, I challenged “Replace username/password with what?"  Until we get wide acceptance of alternate methods, it is unlikely that passwords will join buggy whips in the dustbin of history.
3. In a subsequent post entitled, Seat Belts and Passwords … and Buggy Whips, I proposed that “until ease of use makes passwords irrelevant, people will continue to use buggy whips or drive without seat belts.”  The key issue dogging the industry is how to provide identity credentials that are so easy to use that the technical unsavvy majority can easily use them while providing a level of security commensurate with the rising tide of online threats.

Recommendations:

1. Assess what level of security is needed for different areas of your enterprise.  In some cases, authentication must protect high value information.  In other cases, less strong authentication may be appropriate.
2. Seek to understand what your users need.  What methods are both secure and easy to use for them?
3. Is the cost of strong authentication commensurate with the risk of data loss or compromised system access?
4. What is the best combination of authentication methods to serve my user community and protect my business interests?

Many years ago, while involved in a large physical security project, we joked that you need to invest enough in your security system so it is cheaper to bribe the guard than to breach the electronic system.  The same principle may be true with Identity Authentication.

As I slept last night, my Twitter follower count edged above 1,000. In light of the fact that President Obama has 2,278,978  followers and even John McCain has 1,446,896, all this proves is that I am firmly entrenched way out on the long tail of the Twitter economy.

A provocative line in a song I have known since childhood declares, “Time flies on wings of lightning. We cannot call it back … ”

Based on an embarrassing social networking experience I had yesterday, I think we could safely paraphrase: “Words fly on wings of lightning. We cannot call them back!”

It all started when I noticed a comment from a prolific tweeter from London:

if you are retweeting something from google in order to get a wave invite then you are a <deleted>. and so are they. that is all.

Since I had just done that abominable thing, I quickly looked up <deleted> in the dictionary and posted this tweet:

Just learned a new word:  <deleted> = contemptible person; jerk.  Based on Twitter commentary, I must be one.

When that tweet reached Facebook, it triggered a small avalanche of comments.  It was great to see a friend speak up and say:

you are definitely not a <deleted>.

It was also nice to hear from a young man who used to live next door, but whom I haven’t seen in many years:

…my brother calls me a <deleted> all the time. I’m glad to get a definition on that…..sort of.

But I started to wonder what I had done when an acquaintance suggested:

Tip: Don’t have this conversation with anybody from the UK…. … It has a very specific meaning across the Atlantic, one that is best left unexplained on a public forum

What had I done?  I quickly dug a bit deeper into the meaning of <deleted>, only to find he was exactly right.  I shouldn’t be using such language in a global forum.

Well, words had flown on wings of lightning.  I even tried to call them back via Twitter:

Actually, when I looked into it, it is definitely British slang that is not used in polite company.  Oops!

And later:

Lesson learned today: Be very, very wary of repeating slang used by a tweeter from another country.  Could be very embarrassing.

It was heartening to hear from some friends who obviously had a chuckle, but questioned my motives at first:

Whew! I frankly was a bit surprised to see the Mark Dixon I know using that term. We all learn something new every day!

Yeah Mark, I was gonna jump in and say something, but then I realized i have no business correcting anyone’s language.

LOL, I was wondering when you’d figure that word out.

Well, I have been painfully reminded again that we must be very careful about what we sling out into cyberspace.  Words do indeed fly on wings of lightning!