Each individual has a persona: a parent, an employee, a business partner. And all need access to different types of applications and systems from schools, employers and corporations, Tapling says in an interview with Information Security Media Group at the Infosecurity Europe 2014 event in London.
"Your persona is only meaningful to those particular enterprises," Tapling says. "There is only one of you, right? So who owns all of those authenticators? People have taken to the habit of asking questions like 'what is your mother's maiden name; what's your favorite movie?' And you begin giving up that information over and over."
By the third time, he says, people start lying; they misspell their moms' maiden names or give their wives' moms' maiden names instead.
"You started doing [these] things because you felt that your privacy was being invaded," Tapling says. "So, at the end of the day, there is only one of you. The owner of the authenticator should be you. Enterprises for whatever personas you have should be able to surf those authenticators, but you should own them."
Tapling says enterprises look to authentication providers to help them identify ways to ease the burden on employees, customers and other stakeholders to adopt authentication approaches that won't force them to make up passwords, such as the adoption of multifactor authentication that uses individuals' mobile devices.
"If you ask that CEO of any enterprise 'What is your electronic security credential problem?' he'll look at you sideways. He doesn't think he has an electronic security credential problem. He has business problems, risk problems and policy problems. And so, if we (IT security providers) can give them a way to implement these authentication policies, without doing all these implementations, at the CEO level that would be very attractive."
In the interview, Tapling discusses:
- Who should be responsible for authentication: the individual or enterprise;
- The evolution of the password from the early days of the mainframe;
- The "groan factor," or the problem business executives express when dealing with authentication.
Before joining Authentify, Tapling served as chief operating officer of IDMetrix, an outsourced provider of digital-certificate services. Tapling has spent more than 25 years in the IT services and research industry. He also serves on NACHA - The Electronic Payments Association Internet Council, and participates in the Identity Ecosystem Steering Group created as part of the National Strategy for Trusted Identities in Cyberspace. Tapling is a co-author of the book, Mastering the Fraud Tsunami.