© All rights reserved.
nok nok nok nok
  • Solutions
    • Passwordless Authentication
    • Passkeys
    • Secure Payments
    • Compliance
    • Professional Services
  • Industries
    • Government
    • E-Commerce
    • Financial Services
    • Mobile Network Operators
  • Products
    • Authentication Cloud
    • S3 Suite
    • IoT SDK
  • Resources
    • Demo
    • White Papers
    • Videos
    • Testimonials
  • Company
    • About
    • Team
    • Partners
    • Clients
    • Events
    • News
    • Blog
    • Contact Us
    • Support
nok nok
23 Dec
5 Min read

Predicting the Unpredictable: What’s Next for Digital Identity in 2021

December 23, 2020 Nok Nok News Digital Payments, Industry News 0 comments

In all of my years working in this industry, 2020 has been one of the most challenging ones. COVID-19 derailed business-as-usual for virtually every organization across every industry, forcing them to set aside their existing strategies and quickly pivot to deliver remote connectivity at a massive scale to accommodate their workforces, customers, and more. On top of the sheer scalability and efficiency challenges, security risks further raised the stakes as hackers sought to take advantage of the pandemic’s disruption. 

As I reflect on the challenges brought on by this year’s uncertainty, here are my top three predictions of how 2020 will shape the industry next year.

Contactless QR code security will become more critical than ever 

The use of QR codes has extended beyond just restaurants and hotels. From being posted on office walls to keep employees advised of updates on procedures and processes to airport parking lots and more – you can pretty much find them anywhere with the arrival of COVID-19. While QR codes bring much-needed consumer convenience in these unprecedented times, they also serve up a menu of security concerns as well. 

In 2021, even as vaccines are (hopefully) distributed, the reliance on QR codes will remain. The unparalleled convenience will cause them to stay as a lasting impact from the pandemic.  Consumers will continue using their personal devices to scan QR codes and enter information like name, email address, phone number, and more. The problem is that QR codes are appealing targets for hackers to get their hands on sensitive data. A hacker could easily embed a malicious URL containing custom malware into a QR code, which could then exfiltrate data from a mobile device when scanned. Building QR codes that direct consumers to dangerous websites expose them to malicious attacks across mobile-threat vectors, including texts, instant messages, or even spam emails. With this in mind, organizations leveraging QR code technology will need to build stronger, standards-based authentication into the systems; otherwise, related hacks will skyrocket in the new year, and consumers will pay the price.

Risk signals are out. Assurance signals are in

In 2020’s digital world, applications, devices, and users often live and work outside corporate boundaries. Continuous assessment of contextual factors (user, device, location, network, threat signals, and more) provides secure access to corporate resources regardless of where they’re hosted. Remote work is here to stay, which means former physical perimeters have been disrupted, and one-time authentication for access to all resources is no longer valid. With the threat landscape more active than ever before, inadequate digital ID verification can heighten risks and liability. Thus, more specific assurance signals of who is in and out of our networks will become essential in 2021. 

As organizations move away from risk signals and put a stronger emphasis on these assurance signals, they will be forced to consider all parties within their network to provide a centralized approach to defining and monitoring security controls. Knowing exactly who is there will become one of the most important pieces of organizations’ security postures in the new year. 

Remote work will be polished by cleaning up rushed security and adding strong UX

COVID-19 has shined a spotlight on the culture of breaches in 2020. With the abrupt shift to remote work, organizations were forced to shift priorities and rethink approaches to securing remote workers. Many organizations found success in implementing controls for managing remote workers suddenly. However, many were not prepared for the number of phishing and ransomware attacks that came with it. 

To succeed in the post-COVID-19 era, organizations must rethink their strategies and offerings to accommodate a new security landscape. As organizations evaluate their 2021 budgets, they will be forced to allocate a portion towards the weak areas that COVID exposed in 2020. As companies take a more holistic view of their security infrastructure, there needs to be a greater emphasis on embedded security in order to prevent further damage as the remote work trend continues. 

While it is next to impossible to completely prevent cyberattacks, more in-depth efforts towards security are imperative in this age of heightened risks. Organizations will need to remain hyper-vigilant on striking a balance between strong user experience and robust security protocols. Though gaps and hiccups have slipped through the cracks in 2020 due to rapid transformation, organizations will need to polish their processes in 2021 to ensure users are both satisfied and protected. 

While there’s no crystal ball for what 2021 will hold, history is a strong indicator that attackers will continue to refine their methods to take advantage of global events and adopt new technologies. I believe that we will learn from the challenges that 2020 brought in order to make the changes needed for a stronger, more secure world. I also hope that everyone has a safe and joyous holiday season and a prosperous New Year.

Read more
18 Dec
4 Min read

History has an Echo

December 18, 2020 Nok Nok News Industry News, Passwordless 0 comments

In 1876, the first telephone call was made. The technological principles of the telegram – allowing for instantaneous communication over long distances – were deployed at a massive scale to allow for advanced, personal communication to be deployed in every home. The leap from dots-and-dashes to voice-and-sound took 32 years (Samuel Morse sent his first telegraph in 1844). By the late 1890s, 20 years since Bell asked Mr. Watson to join him in his lab, the sky of New York City had been blotted out by the ill-conceived, inefficient infrastructure built to deliver these services.

History, it seems, is not without an echo.

It was roughly 30 years between the invention of the computer password to the wide scale adoption of the internet. In the intervening 20 plus years, digital accounts have proliferated much like phone numbers in the late 1800s. And again, an ill-conceived, inefficient infrastructure threatens to blot out the sky.

In the near future, each household will be managing around 50 connected devices. 5G will drive a wave of innovation powered by new ideas about what we can do with all of that bandwidth and connectivity. The problem with technological waves is that the mental framework, the mindset that governed the prior generation of technology is slow to die. Therefore, we will find ourselves overrun with password fatigue, dreaming of the day we could see the skies through all of the password-lines.

But we will evolve. We have to. Our current mindset and methodology just doesn’t scale. The problem of digital identity will need to be solved.

First, in the next 1 to 5 years, passwords will become the “additional” factor, rather than the primary one. Other strong signals – like device data, physical and behavioral biometrics, or a second trusted device  – will become the primary. We have already seen these trends in Apple products, like using the Apple Watch to unlock your MacBook, or the nigh ubiquitous fingerprint sensors. Soon the password will primarily be used as the method of “step-up” authentication.

Between 3 to 8 years from now, passwords will be fairly rare. Authentication will still be between a service provider and their customer, but the customer experience will be dramatically different. Companies will rely – primarily – on technologies like FIDO that provide cryptographic verification of identity. These will continue to be augmented by risk engines to discern identity. The industry will begin to see the emergence of “trusted identity providers” – an evolution of today’s social login features and password managers. These companies will provide users with the ability to log into their multitude of profiles with a single click. But the scalable attack of a breached username and password database will no longer be possible. This new paradigm will not be reliant on shared secrets.

5 to 10 years from now, you will see identity becoming its own segment of the mobile ecosystem. Not as service providers licensing products – but as organizations that share pieces of information at a microtransaction level that is so small as to stay unprofitable. When the user opens an application, it will query a network of participating companies (possibly over a blockchain or similar technology) asking “Who is there?” Tiny pieces of information will all coalesce to reveal the true digital identity of the user. Just in time and only what the application needs. All of this in a privacy preserving manner with user consent and transparency.

These predictions are not revolutionary. We have the technology that can perform all of these actions. What will be revolutionary is the business model that sees them coming to fruition. There must be an incentive, a reason for these claims to be harvested, recorded and shared. It cannot be a single entity. Each service provider will be interested in different parts of my digital profile and should only need to pay for what they need. This solution will need an ecosystem to support it.

Pasts Echo will continue to reverberate. Just as we evolved from the telephone poles and over the air wires in New York to a world with underground fiber and wireless communication – we will see big changes in our identity infrastructure as well. Identity discovery will no longer be through One-to-One connections. Instead it will be over Identity networks that are very secure and part of the invisible fabric that makes the Internet.

Read more

Contact Us

Nok Nok, Inc.
2890 Zanker Rd #203
San Jose, CA 95134

(650) 433-1300

[email protected]

Get Google Maps Directions
footer-logo
fido

Latest Posts

  • Missing the Forest for the Trees
  • Nok Nok’s FedRAMP High Journey: Next Step in Federal Cybersecurity
  • Top 6 Considerations to Build vs. Buy FIDO-based Passkeys
  • Authenticate 2023: The Tipping Point for Passkeys and Passwordless Authentication

Navigation

  • Subscribe
  • Resources
  • Careers
  • Support

Nok Nok Labs, Nok Nok, and NNL are all trademarks of Nok Nok Labs, Inc. © 2023 Nok Nok Labs, Inc.
FIDO is a trademark of the Fast IDentity Online, (FIDO), Alliance. All rights reserved.
Terms Of Use and Privacy Policy

About Us

Founded in Silicon Valey in 2011, Nok Nok is the trusted leader in frictionless, passwordless consumer authentication for the world’s largest organizations.

Recent posts

Missing the Forest for the Trees

Missing the Forest for the Trees

17 November 2023
0
99
New technologies, especially those that are transformational, get scrutinized – that’s normal.  The...
Nok Nok’s FedRAMP High Journey: Next Step in Federal Cybersecurity

Nok Nok’s FedRAMP High Journey: Next Step in Federal Cybersecurity

10 November 2023
0
276
In the world of cybersecurity, the federal government sets some of the most...
Demo
Free Trial
Videos
Contact Us
Support

Contact Us: (650) 433-1300 • [email protected]

MUFG-800×600

“Transactions using mobile devices are rapidly spreading and it is essential to support both usability and security. By combining Hitachi’s abundant system development capabilities and know-how in the financial system and security related fields, and Nok Nok’s globally deployed and proven FIDO certified products, we achieved this compatibility, which led to this adoption.”

– Mr. Nobuo Nagaarashi, General Manager, Financial Information Systems 1st Division, Hitachi, Ltd.

 

The M in MUFG stands for Mitsubishi, which is a combination of the words mitsu and hishi. Mitsu means three. Hishi means water chestnut, and the word denotes a rhombus or diamond shape.  In partnership with Hitachi, MUFG has enabled passwordless authentication solutions across many of the bank’s apps and services.

Coverage In The Paypers
Coverage In Finextra
intuit

“As an early adopter of FIDO, we’ve seen significant business benefits and are completely on board with continuing to leverage the latest FIDO innovations with our partner, Nok Nok.”

– Rakan Khalid, Group Product Manager, Identity.

 

Intuit has delivered passwordless authentication across mobile applications and devices using Nok Nok’s S3 Suite. The results have reduced customer friction in their Intuit application experience.

Read The Nok Nok Intuit Case Study
Watch the FIDO Alliance Webinar: The Right Mix
Watch Marcio Mello discuss Intuit’s Nok Nok implementation at Identiverse 2019:
docomo-800×600

“DOCOMO is a worldwide innovator in providing its millions of customers with simple and strong authentication backed by a standards-based approach.”

– Phillip Dunkelberger, President & CEO of Nok Nok Labs.

 

As one of Nok Nok’s earliest customers, NTT DOCOMO became the first carrier to offer a billing system that is enabled by FIDO, the first to offer a federated Identity system integrated FIDO, and was the first to offer a mobile device that authenticates via the iris biometric modality.

Coverage In Find Biometrics
Coverage In Telecompaper
bbva-800×600-2

“Traditionally, one of the biggest challenges of authentication systems has been to balance security with user experience. Due to the FIDO standard, we are confident that both elements work together seamlessly to provide customers with the highest security standards, along with a transparent and agile user experience.”

– Juan Francisco Losa, Global Technology & Information Security Officer.

Nok Nok partnered with banking leader, BBVA to improve the security and user experience of the bank’s mobile banking services through state-of-the-art biometric capabilities.

Coverage In American Banker
Coverage In Planet Biometrics
Softbank-800×600-1

“We can no longer rely on passwords for our financial or other sensitive transactions as they are weak, forgotten and easily hacked. We are very pleased with SoftBank’s decision to choose our standards-based authentication platform for their millions of customers.”

– Phillip Dunkelberger, President & CEO of Nok Nok Labs.

 

Millions of SoftBank’s mobile subscribers now have the ability to use biometrics for authentication through the mobile application “My SoftBank Plus”. With this implementation, SoftBank’s mobile users access data with the My SoftBank service using biometrics for a frictionless, simple and fast authentication experience.

Coverage In Mobile ID World
Coverage In Planet Biometrics
Coverage In The Paypers
Aflac-Japan-800×600-1

“Aflac is the first Japanese insurance provider to deploy a FIDO-certified solution, and we would like to continue collaborating with Nok Nok Labs to introduce it to banks, insurance industry and other industries.”

– Michihiko Ejiri, VP, Head of Portal Service Division, Service Technology Unit, Fujitsu Limited.

With the Nok Nok S3 Suite, Fujitsu has provided Aflac customers with strong authentication to their mobile claims payment application using any biometrics on their iOS and Android devices. The solution also provides Aflac and their customers with a scalable method to authenticate users that is interoperable with their existing security environments and reduces or eliminates the reliance on usernames and passwords.

Coverage In Find Biometrics
Coverage In Find Authority
lichtenstein-800×600-1

“For our customers, we only use the most secure products on the market that meet their requirements. Nok Nok perfectly aligns within our product portfolio and we are proud of the very trusted partnership.”

– Lukas Praml, CEO of YOUNIQX.

 

YOUNIQX Identity AG, the award-winning subsidiary of the Austrian State Printing House (OeSD) and Nok Nok partnered to deliver a electronic identity system (eID) for the citizens of the country of Liechtenstein.  This deployment represents the first time that Nok Nok’s FIDO platform has been used to deliver an eID.

FUN FACT
As of 2009 Liechtenstein’s per capita income was $139,100, the highest of any country in the world.

Learn How FIDO Supports EIDAS Regulation
Coverage In Mobile ID World
Coverage In The Paypers
Coverage In Biometric Update
Gallagher-800×600-1

“Nok Nok’s state-of-the-art, standards-based platform will deliver a tremendous user experience,”

– Steve Bell, Chief Technology Officer at Gallagher

When a horse called Joe took too much of a liking to using a car as a scratching post, owner Bill Gallagher Sr. devised a cunning electrical circuit that delivered a shock whenever the horse rocked the vehicle, and in doing so created a company.  Today, with passwordless authentication from Nok Nok, Gallagher is leading the IoT industry with innovative solutions that work in your office and in the outback.

Coverage In Biometric Update
Coverage In Mobile ID World
Coverage In Planet Biometrics
tmobile-800×600-1

“Our Forgot Password flows were running at about 65%. After we rolled out FIDO by Nok Nok, our forgot passwords dropped to 7%.”

Michael Engan, T-Mobile

 

Using the Nok Nok S3 Suite, T-Mobile has become a leader in carrier adoption of passwordless authentication. Their solutions have reduced forgotten passwords and dramatically improved customer satisfaction.

Watch Michael Engan from T-Mobile talk about their implementation of Nok Nok’s S3 Authentication Suite at Identiverse 2019.

We use cookies on this website to improve functionality and performance, analyze traffic to the website, and enable social media features.  To learn more, please see Cookies in the Privacy Policy. Please click ACCEPT to agree to these terms.

Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognizing you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

3rd Party Cookies

This website uses Google Analytics and other services to collect anonymous information such as the number of visitors to the website and the most popular pages.

Keeping these cookies enabled helps us to improve our website.

Please enable Strictly Necessary Cookies first so that we can save your preferences!

Additional Cookies

This website uses the following additional cookies:

(List the cookies that you are using on the website here.)

Please enable Strictly Necessary Cookies first so that we can save your preferences!

Cookie Policy

More information about our Cookie Policy

  • 日本語