4 Identity Management Trends to Watch in 2022

The news that the COVID-19 pandemic shifted consumer demand for online goods and services, and the avenues through which organizations of all industries operate, interact, and grow, turned stale over a year ago. Since then – in tandem with a global migration to the cloud – businesses have scrambled to meet the operational and psychological needs of remote working and a digital-first way of life for consumers.

From the explosion of mobile banking and e-commerce to telehealth and online sports betting, the digital transformation of nearly all fronts of our lives has spurred an equally dramatic shift in digital security practices and solutions. But now, almost two years since stay-at-home orders first blanketed the globe, the broader cybersecurity industry is reckoning with new innovations, threats, and opportunities.

As we enter 2022, four emergent trends are developing across sectors and continents.

1. Remote workforces drive adoption of next-gen authentication

Few industries have been excluded from the transition to remote and hybrid work. With each new Covid wave, and given workers’ overwhelming preference for flexibility, companies are now adapting their operations to meet the needs of a workforce that may never fully return to the traditional office setting. Remote, decentralized teams can boost morale and spur creativity, but they also introduce a new set of cyber risks and challenges. For more than a decade, human error (repeated passwords or falling for phishing emails, for example) has caused roughly nine in 10 cyber incidents. And most cases of successful digital breaches and fraud are rooted in stolen or hacked passwords.

Of course, left unaddressed, the cyber frontier would be dire. Fortunately, leaders recognize that investing in enterprise security is now a business imperative, and IT decision makers are reconsidering their data protection strategies to secure these remote workers and protect company assets. While IT continues to drive password hygiene through remote security training sessions, legacy tools like one-time pin codes and knowledge-based authentication are no longer effective in mitigating risks. This quest for better alternatives to ill-equipped legacy authentication solutions is driving an unprecedented demand for biometric authentication.

2. Biden’s cybersecurity executive order comes full circle

Last year, watching the rate of cybercrime and digital fraud spiral upward, the Biden Administration issued an executive order calling on the U.S. government to institute “bold changes and significant investments” in security measures to better insulate federal networks from attack. This was followed by a missive from the White House Office of Management and Budget in October 2021 which defined a “zero trust” strategy, outlining the security architecture driving the executive order’s push to overhaul federal cybersecurity practices. Most recently, on January 26^th, the Administration gave federal agencies until the end of the fiscal year 2024 to “achieve specific zero trust security goals.”

These orders will further drive nationwide adoption of multi-factor authentication (MFA), the requirement of additional verification information (known as “factors”), so users cannot log in with just a username and password. Achieving zero-trust won’t include legacy MFA options like vulnerable one-time pin codes or easy-to-spoof, knowledge-based questions like “What was the make of your first car?” They’ve proven themselves to be insufficient identity managers, time and time again. In the coming year, enterprises will need stronger authentication alternatives to establish trust and defend against highly sophisticated cybercriminal networks.

3. Online gaming ups the ante on identity and age assurance

Online gaming is enjoying a golden age, but state and federal regulators are hot on its tracks. As restrictions tighten on who can game and where they can do it, companies like Nintendo and Tencent, sports betting apps like DraftKings and FanDuel, and traditional betting giants like Caesars and MGM, will also be compelled to ramp up identity trust and age assurance efforts. Driving that effort will be next-generation identity authentication.

Implementing selfie biometrics in the identity authentication process will help gaming platforms comply with regulations, while protecting advertising revenues and preserving consumer trust in the platform. Crucially, they can also shield their customers against account takeover and loss of funds due to credential data phishing and theft. Facial biometric verification provides an additional layer of security to these highly trafficked gaming networks and strongly deters the hackers that may otherwise attempt to infiltrate them. And gaming is not the only sector that will inevitably adopt more fortified age-assurance tools. As more consumers take to the internet for alcohol and nicotine purchases, food and beverage companies from BevMo! to Whole Foods will have to follow suit.

4. Passwords will become (nearly) obsolete

In 2022, enterprises of all industries and markets will explore technology that eliminates passwords and ways to ensure that consumers follow through with their identity authentication transactions – not only to address security implications, but also to provide consumers, employees and other users with a highly secure and low-friction sign-on experience. The fact remains that some of the most catastrophic and costly cyber breaches in recent memory started because of weak password security. The SolarWinds attack, hailed by Microsoft President Brad Smith as the “largest and most sophisticated attack the world has ever seen,” was born out of a laughably simple password that was exposed on a private forum. SolarWinds spent approximately $100 billion in recovery costs.

This unprecedented migration to a digital ecosystem has brought new challenges to various industries, and establishments must adapt quickly to meet them. The need to respond to the most pressing global issues of our time – from novel viruses to economic tumult to climate change – continue to advance security practices across industries. Health care, financial services, tech, online gaming and consumer goods companies, as well as government agencies, will be pushed to do and be better in a digital-first world. As cybercriminals get smarter, so must we.

By Tom Thimot, CEO, authID.ai