Tiatra, LLC
Information Technology Solutions for Washington, DC Government Agencies

Architecting Identity: Five Essential Elements of a Modern Customer Authentication Service

Rapidly accelerated digital transformation strategies over the last few years only cemented what digital identity architects already knew: identity is the perimeter. While protecting enterprise assets using identity and access management (IAM) is important, companies also need to address the applications their customers use. In 2021, the Federal Trade Commission[1] received 2.8 million fraud reports from consumers that totaled more than $5.8 billion in losses.

Digital identity architects want to modernize their authentication stacks for various reasons, including:

  • Simplifying their architecture
  • Improving security and fraud protection
  • Reducing costs
  • Accelerating speed-to-market for new capabilities
  • Improving the customer experience (CX)

To protect customers, identity architects should use a FIDO-based solution to modernize their customer authentication.

Why CIAM isn’t the same as IAM

Customer identity and access management (CIAM) is purpose-built for customers who exist in the free world, an unmanaged IT environment. Traditional IAM, however, was built to manage internal employees, which means that the organization has control over connecting users to their real identities, birthright provisioning and device security.

Most organizations don’t have control over their customers’ access to digital experiences. When comparing CIAM vs. IAM, dedicated CIAM solutions address key differences that companies need to consider, such as:

  • Balancing CX and security
  • Enabling access via any device
  • Providing omnichannel access, including offline channels
  • Integrating consistently and uniformly across technologies
  • Complying with privacy and data regulatory requirements

In response to these differences, digital identity architects are modernizing their authentication stacks. Many digital platforms natively incorporate some CIAM elements. They may have a built-in user store supporting password authentication, for example. Others are related to cloud-specific systems, like Azure AD B2C. However, the complex, legacy authentication technologies come with their own set of problems, like:

  • Inhibiting the customer experience
  • Lack of easy integration into websites, mobile apps or other channels
  • Inferior protection against account takeover (ATO) fraud
  • Vulnerability to credential theft via phishing, credential stuffing or man-in-the-middle attacks

Typical workarounds for strengthening customer authentication currently include:

  • SMS or token-based OTPs
  • CAPTCHA-type verifications
  • Out-of-wallet questions

These controls are not impervious to attack, and at the same time they add complexity and cost to the authentication stack. In addition, they undermine the seamless CX that the organization is striving to provide.

Modernizing CIAM with FIDO

In response to cloud-based customer experiences, more focus has shifted to authentication. Modern authentication systems tend to be built around the FIDO standards of Web Authentication (WebAuthn) and Client-to-Authenticator Protocol (CTAP).

With these standards, FIDO provides more secure, multi-factor authentication (MFA) and offers the most robust passwordless option for a low-touch customer experience.

5 Essential modern customer authentication elements that FIDO enables

Enhancing customer authentication leads to more robust security, but any transition requires a certain amount of planning. Organizations that want to move toward FIDO-based authentication should begin by prioritizing the following five elements:

1. Biometric authentication: Best authentication practices include MFA that validates at least two factors: ‘something you know,’ ‘something you have,’ and/or ‘something you are.’

Most mobile phones support FIDO-based biometric authentication — up to an estimated 80%, according to Statista. Mobile phones, laptops, tablets and desktops often incorporate fingerprint or facial recognition like:

  • Apple FaceID and TouchID
  • Windows Hello
  • Android fingerprint or facial recognition

Customers can log in to an organization’s website using their biometrics without the company ever storing the data. Some customers own a combination of FIDO-based and non-FIDO devices. When implemented correctly, FIDO-based CIAM enables these customers to use their FIDO-enabled device to log in on their older unsupported devices.
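The server side of such a login, as an added example that is not from the original article or from any vendor's product: the relying party verifies a WebAuthn-style assertion using only a stored public key, so it holds no biometric data and no password hash. The authenticator is simulated in-process, and `shop.example`, `clientSign` and `verifyAssertion` are constructed names; a production service would parse the real CBOR/COSE structures with a maintained WebAuthn library.

```javascript
const nodeCrypto = require("node:crypto");
const sha256 = (d) => nodeCrypto.createHash("sha256").update(d).digest();
const newChallenge = () => nodeCrypto.randomBytes(32).toString("base64url");

// Relying-party settings (constructed values for this example).
const RP_ID = "shop.example";
const ORIGIN = "https://shop.example";

// Simulated device: the private key stays here, unlocked by a local biometric
// check. Registration would give the server only the public key.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });

// Stand-in for browser + authenticator. The browser, not the page, fills in
// the origin, which is why a look-alike site cannot claim the real one.
function clientSign(challenge, origin, flags = 0x05) { // 0x05 = user present + verified
  const clientDataJSON = Buffer.from(JSON.stringify({ type: "webauthn.get", challenge, origin }));
  // authenticatorData layout: rpIdHash (32 bytes) | flags (1) | signCount (4)
  const authData = Buffer.concat([sha256(RP_ID), Buffer.from([flags, 0, 0, 0, 1])]);
  const signature = nodeCrypto.sign("sha256", Buffer.concat([authData, sha256(clientDataJSON)]), privateKey);
  return { clientDataJSON, authData, signature };
}

// Checks the relying party makes before it trusts the login.
function verifyAssertion(a, expectedChallenge, storedPublicKey) {
  const c = JSON.parse(a.clientDataJSON.toString("utf8"));
  if (c.type !== "webauthn.get") return "bad type";
  if (c.challenge !== expectedChallenge) return "challenge mismatch";
  if (c.origin !== ORIGIN) return "origin mismatch";
  if (!a.authData.subarray(0, 32).equals(sha256(RP_ID))) return "rpId mismatch";
  if ((a.authData[32] & 0x01) === 0) return "user not present";
  if ((a.authData[32] & 0x04) === 0) return "user not verified";
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return nodeCrypto.verify("sha256", signed, storedPublicKey, a.signature) ? "ok" : "bad signature";
}

function demo() {
  const challenge = newChallenge();
  const tampered = clientSign(challenge, ORIGIN);
  tampered.authData[36] ^= 0xff; // alter the signed counter bytes after signing
  return {
    genuine: verifyAssertion(clientSign(challenge, ORIGIN), challenge, publicKey),
    lookalike: verifyAssertion(clientSign(challenge, "https://shop-example.test"), challenge, publicKey),
    replayed: verifyAssertion(clientSign(challenge, ORIGIN), newChallenge(), publicKey),
    noBiometric: verifyAssertion(clientSign(challenge, ORIGIN, 0x01), challenge, publicKey),
    tampered: verifyAssertion(tampered, challenge, publicKey),
  };
}
console.log(demo());
```

An assertion produced for a look-alike origin or for an earlier challenge is rejected before the signature is even checked, which is the property that SMS codes and passwords lack.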

2. True passwordless: Even with FIDO, many implementations still rely on passwords as a fallback method for account recovery. The organization’s user store maintains the password hashes and attackers often target them.

When appropriately implemented, FIDO-based authentication systems can completely eliminate passwords. Customers can recover accounts using:

  • Another device
  • One-time password sent via email
  • Magic link sent via email

Passwordless solutions enhance security in two ways:

  • The organization reduces its attack surface by not storing password hashes
  • The organization no longer relies solely on customer passwords that can be compromised

3. Passwordless portability: As users move across channels or switch devices, passwords lead to broken journeys, causing frustration at every step. For example, if a company uses magic links, customers need to go through the following three-step process when changing apps or if they lose their device:

  • Request link
  • Open email
  • Click magic link

A CIAM solution that supports FIDO gives customers the portability they need for a seamless experience. They simply open the application on their FIDO-based device or redownload the application to a new device.

4. Support customers without FIDO-based devices: Not every customer will have a FIDO-based device, and not every customer who does own a FIDO-based device will enable its biometric capabilities. Therefore, companies need to find methods that still provide these customers with a seamless and strong method of passwordless authentication.

In this case, using a passwordless CIAM solution that integrates with Auth0 can be useful. Customers can use a social media account as a way to securely log in to the application without having to remember additional passwords.

5. Integrate with existing user stores: While eliminating passwords throughout an organization is a positive, companies should take care that the change does not negatively impact their customers. Smoothing the transition to passwordless is all about educating customers on the benefits of going passwordless and supporting them throughout the transition. Taking a full rip-and-replace approach is costly, from both a financial and human resources perspective.

As part of the planning, the organization needs to ensure that FIDO can integrate into the organization’s current user stores. For easy integration that offers rapid implementation capabilities, organizations should look for solutions that support the same authentication protocols as their existing systems. For example, a common, standard protocol is OpenID Connect (OIDC).

The future of customer authentication

Passwordless is the future of customer authentication. As digital natives become active consumers, they’re more likely to abandon a cart or leave a website if the experience requires a password that they’ve long forgotten.

The adoption of passwordless authentication by tech giants, such as Microsoft and Google, is just another sign of the growing momentum behind ditching passwords. Companies of any size can implement a passwordless solution like BindID — the industry’s only truly passwordless solution. BindID eliminates your greatest business risk — customer passwords — enabling seamless and secure customer authentication experiences across all channels and devices.

Ready to say goodbye to passwords? Learn more about BindID today!


[1] Source

Category: News
May 24, 2022