Where Is Identity Management Heading?

By V. Balasubramanian, Marketing Manager, ManageEngine

Five years ago Mozilla launched an identity management system, Persona (originally called BrowserID). At the time, a sense of optimism was in the air. Everyone thought the new technology would ease the strain of remembering numerous passwords to gain access to various websites.

The alternative, outsourcing unified identity management to social media giants including Twitter, Facebook and Google, raised data privacy and reliability concerns. So everyone hoped that Persona would emerge as a strong unified authentication system and a credible alternative.

Fast forward to 2016. Though Persona has progressed well on the technology front, the aforementioned privacy and reliability concerns remain and Persona has failed to gain popularity. Mozilla has announced that it will shut down Persona by the end of this November "due to low, declining usage."

Despite its imminent closure, Persona managed to advance the field of identity management. It introduced verified email protocol, which enables users to use one email address to log in to any website that supports the protocol - much like logging in to websites with a Facebook account, for example.

That means end users do not have to create site-specific passwords. Instead, they can log in to multiple websites using a single email address. End users enjoy the twin benefits of not having to remember multiple passwords and not passing along information about their browsing pattern to social media giants.

Important Facts about Identity Management

Persona's pending shutdown reiterates a few important facts and indicates the direction in which the identity management market is moving:

Password-based authentication is still the dominant mode, and passwords are here to stay. Life with fewer passwords is still a distant dream.

Unified authentication systems are clearly needed, but they cannot stand alone. In most cases, end users cannot avoid creating site-specific passwords. At best, unified authentication systems could co-exist with traditional site-specific, password-based authentication.

Data privacy concerns loom large and stand in the way of large-scale adoption of identity management through social media.

Identity management analysts and industry luminaries have long predicted the disappearance of passwords. Unified authentication technologies including Persona and password alternatives such as biometric authentication, iris authentication, facial authentication and even authentication through watches, jewelry and electronic tattoos are all steps in this direction.

Interestingly, none of the alternative approaches have been viable so far, for various reasons. Passwords are easy to create and are absolutely free. The alternatives, on the other hand, are typically expensive, difficult to integrate with existing environments, difficult to use and require additional hardware components.

Where Is Identity Management Heading?

The future of identity management will most likely be a combination of password management and unified authentication. However, it seems that password-based authentication will continue to be the most prominent mode, and users will have to create and manage passwords. Wherever possible, unified authentication systems will be leveraged.

Federated identity management solutions, which help subscribers use the same identity to access multiple Web applications, will complement password management. Privileged account management solutions that support federated identity management, along with traditional password management, will prove to be highly beneficial.

Persona will soon be gone. The news has rekindled debates on the death of passwords, the emergence of alternatives, and the future direction of identity and access management. Plans to launch projects similar to Persona are also being discussed in various forums.

But the future direction of identity management appears certain: a sound blend of password management and unified authentication. The two will complement each other; one cannot outweigh the other or stand alone.

Join the CSO newsletter!

Error: Please check your email address.

Tags identity managementGoogleBrowserIDtwittermozillaPersonaFacebook

More about FacebookGoogleMozillaPersonaTwitter

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by V. Balasubramanian

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts