Can Machine Learning Finally Eliminate Passwords?
Replacing passwords with secure, frictionless authentication has been the Holy Grail for online security vendors. Many options have been tried, with mixed results. With recent advances in Artificial Intelligence (AI) and Machine Learning (ML), we may finally be poised to deliver on this elusive promise. This talk provides a high-level overview of the historical trends, current challenges and future opportunities in the field of user authentication, particularly as it relates to online access.
We start by introducing basic authentication concepts and the various methods used for validating the identity of a user. The relative strength of each of these methods (e.g. password, OTP, PKI, FIDO, biometric, behavior, etc.) is studied both as an independent mode of authentication and in combination with other methods. We also look at the specific mechanism of delivering user credentials, and how it can impact the overall security of the system. In an effort to balance the security of the system with convenience for users, adaptive and risk-based authentication frameworks are gaining popularity, especially when backed by AI and ML algorithms. Yet herein lies the dilemma of letting machines decide what a human can or cannot do.
This talk will also explain the current landscape of AI and ML, with a specific focus on the identity and authentication space. It will cover scenarios that work, those that don’t, and those that are shrouded in AI bias and can perhaps serve as a cautionary tale for technologists and policy makers alike.