Authentication trends for 2015


Thought I'd take a stab at what will be happening in the user authentication space this coming year:

  • Hackers will increasingly use trojans such as Citadel to target the master passwords for consumer password management applications like 1Password and LastPass. That will cause big problems for users who are successfully victimized because many of their passwords, not just one at a time, will now be compromised.
  • Hackers will also continue to attack token and SMS-based one-time password systems that are used for online banking, breaking into more bank accounts and increasing pressure on banks to retire this now-obsolete technology in favor of more secure, next-generation methods that are strengthened with features like device fingerprinting, transaction verification, and behavioral analytics.
  • More companies will have their employee and customer password databases stolen and uploaded onto public torrent sites as part of high-profile cyber attacks, as happened to Sony Pictures in 2014.
  • Heavyweights in the financial services, e-commerce, and electronics industries such as Visa, MasterCard, Google, Samsung, Microsoft, and others will start moving their customers off of passwords and onto biometric authentication, aided by the new FIDO Alliance UAF and U2F standards published in December 2014, and following the lead of trendsetters like Apple, which featured fingerprint biometrics in its new smartphone and tablet releases, and heartbeat biometrics in the new Apple Watch.
  • Emerging authentication technology companies will make a strong push to get their products to market and grow their user base. Companies to watch include ThreatMetrix, YubiKey, Entersekt and Nok Nok Labs, as well as the 200+ early stage startups in this space.

(This post originally appeared as an answer on Quora)