Embracing user-friendly authentication is key to strong security in Europe

With cyber threats targeting the enterprise reaching new heights last year, and the deadline for Strong Customer Authentication (SCA) just around the corner, companies operating within Europe will be wondering how to protect their users and workforce from threats, without adding further disruptions to workflow or complexity to the login experience.

Without disregarding the deadline for SCA, it’s important that businesses avoid rushing to adopt solutions that are inherently complex and insecure, such as those that are partly dependent on passwords or legacy 2FA authentication, as these methods can still leave private systems susceptible to threats.

Security and IT leaders must instead prepare to adopt intuitive authentication solutions that make strong, secure authentication as easy as possible for the user. To free us from our dependency on outdated authentication technology, we must start considering how user-friendly authentication technology, like biometrics, can be leveraged to enhance security.

Users are ready for biometrics, is Europe?

There’s really only one option when it comes to strong authentication: the simplicity and accuracy of biometrics can enhance security and the login experience all at once.

Since biometrics are unique to each user and require little conscious effort, they can help solve many of the user-experience and security pain points associated with more cumbersome authentication methods, like usernames and passwords, or email and SMS two-factor authentication. Their inherent simplicity is the exact reason users have become becoming increasingly comfortable using biometrics to access their personal devices and accounts.

However, despite the clear benefits, the adoption of biometric solutions at the enterprise level has been slow in Europe compared to Asia, Africa, and Latin American markets. One obvious reason for this trend is that companies operating in the European Union are under more regulatory pressure to protect sensitive biometric data under the General Data Protection Regulation.

Thus, processing sensitive biometric data, which cannot be readily changed in the event of a privacy breach, comes with an unprecedented level of responsibility — a burden that many businesses simply don’t want to carry.

The good news is that solutions leveraging privacy-enhancing technologies directly address the issue of privacy in relation to the use of biometrics.

Closing the trust gap

Privacy-enhancing technologies is an umbrella term for a range of advanced cryptographic techniques for processing, storing, and managing private data in a way that does not expose the data to any party involved in the process.

Privacy-enhancing technologies can essentially be leveraged to securely store private authentication data on the cloud using distributed systems. While this might not mean anything to the average user, the ability to securely store biometrics on a distributed cloud network is nothing short of revolutionary in cybersecurity.

Current biometric solutions — take Face ID for example — lock biometric data to a user’s device, essentially marrying a user to it and as a result creating a chain reaction of user-experience issues if the user loses access to that device.

Distributed cloud storage gives users more control, as they can essentially use one set of biometrics across multiple-devices. In terms of user experience, this allows for features such as biometric-enabled account backup and recovery and multi-device registration.

In terms of enabling strong security, this means that companies can have greater assurance that a user is who they say they are (as each user only has one set of biometrics for all their devices).

For companies using legacy authentication solutions (usernames and passwords) that rely on centralized databases to store private credentials, the transition to private-by-design distributed cloud systems can reduce the impact of security breaches, helping to restore trust and improve relationships with employees, users, and external stakeholders.

The opportunity

The future of security depends on our ability to make authentication fast, easy, and as minimally disruptive to the user-journey as possible.

Solutions that replace cumbersome authentication methods, with user-friendly, privacy-first solutions will dramatically improve their security and compliance posture, without impeding productivity or user-experience.

It’s up to companies whether or not they’re ready to embrace this step change. Those that do will become significantly more resilient to threats, and attractive to customers.