In the last twenty years authentication is based primarily on three factors: something a person “knows”, “has” and “is”. This led to the emergence of authentication based on (passwords, PINs, images, pattern), devices (smartcard & USB tokens, OTP etc) and biometric traits (biological and behavioral based systems).
Last five years have seen the emergence of a fourth factor. “Risk-based authentication”. This can take into account a number of factors, user and network information, positive device identification, user profiling etc. Based on the status & information of these factors a risk score is calculated by the authentication system. If the risk score exceeds a threshold the level of authentication is elevated. Else access with minimum authentication is allowed.
FIDO Alliance (Fast Identity Online) is a consortium launched in 2013 to address the issues caused by lack of inter-operability among authentication devices and problems faced with password management. This technology is being increasingly used in Risk-Based Authentication.
With major advances in authentication technology, the password-less world is finally knocking at our doors!