Why Consumer Authentication Is Broken
corbado.com
As long as there is any need for authentication, the upside from consumers will be drastically limited no matter what you do.
That's one big elephant in the room that a strong sense of "broken" comes from.
I think passkeys will bring us automatic authentication, where you can establish an automatic login with consent across all operating systems. The operating system would silently log you in in the background. Do you think this could lead to privacy discussions, even if it adds security?
>this could lead to privacy discussions, even if it adds security
These discussions have a lot of catching up to do.
I'm no expert, but I think privacy needs to be the highest priority. The purpose of security measures should be first to preserve privacy, as they work to mitigate other threats if possible.
I just don't think I would be a happy camper with a single point of failure for both identity and security.
Really have no use whatsoever for a Microsoft account or anything like that.
It could be combined, there are solutions to that.
"As long as there is any need for authentication, the upside from consumers will be drastically limited no matter what you do."
What do you mean by this?
I guess from a tech perspective, we can now create solid connections between clouds and consumer accounts without the need for social logins (device/cloud -> websites). We will be flying to Mars and have self-driving cars, yet we still have to juggle passwords and password managers.
>What do you mean by this?
By default in a free country there will always be loads of consumers who have no interest in authenticated activity.
Authentication of all types in every facet of life may not be completely avoidable, but more people are aware of the fruitless friction often involved, plus risk of divulging anything uniquely identifiable for mere consumer acquisitions.
As malicious threats continue to increase exponentially, especially online, you can expect more consumers to withdraw from previously-accepted remote identification schemes altogether, rather than escalate their own personal "identity crisis" at the rate needed to meet the challenge.
>we can now create solid connections between clouds and consumer accounts without the need for social logins
Some casual websites can be more sure than ever who is visiting and whether or not they are a qualified consumer. While at the same time consumers must endure more challenges to access the website, and increasing risk for the disclosure of their information, and are becoming less sure that any website can be trusted at all.
So the anti-privacy enthusiasts have gotten as far as this will take them (at present levels of consumer friction); as mentioned above, I expect downward pressure from here.
If anti-privacy is to continue flourishing, they're going to need a whole new level of intrusion from this point.
You're right about the growing friction between security and user experience, especially with the increasing sophistication of threats. However, if we don’t move towards more seamless & secure authentication methods, won’t we risk stagnating in terms of security? The average consumer is at risk, the privacy-savvy user can avoid that easily, the question is how do we help the "average consumer"?
That's the really good question, seems to me the average consumer is being let down the hardest, and they are the most abundant and the ones on whom B2C depends most.
I think security is already less than stagnant, it's declining under overwhelming force, the same force that presents the risk of consumers stagnating or reversing in response.
Exactly, the average consumer is the most vulnerable in this landscape. Passkeys, in particular, seem like a promising solution to simplify authentication and protect average consumers. With better integration across platforms, could passkeys be the bridge that balances security and convenience for the 'average consumer' without requiring them to be privacy or tech experts? Most of them share much more valuable information in the cloud already (from a privacy perspective)…