When people only needed a password for their email and perhaps one or two other services, creating one complex, yet memorable code was simple. If that credential needed resetting, users could also be assured that few people would know the answer to their authentication questions.
Yet in the new digital landscape, users may have dozens of online accounts, and previously private information has become more public thanks to social media and robust search technology. Although many people know that they should have a separate password for each of their login credentials, some have to reuse their login details just to remember everything. Even then, their attempt often fails when trying to recall infrequently used login information.
Better authentication is convenient and secure
To reduce the complexity of online identity management, yet enhance security at the same time, SecureKey has been working with the Canadian government and a number of financial institutions to provide citizens with convenient Web access to federal services. Rather than citizens needing to remember little-used passwords for multiple government websites, they can apply one strong, well-protected code that's memorable thanks to regular use. This is part of a "bring-your-own-credential" (BYOC) philosophy, where secure, frequently used authentication details, such as those used for a bank, can be applied to multiple services.
While SecureKey Concierge is not yet available to all Canadian citizens, the company has recently expanded the number of viable users by partnering with ING Direct.Through this alliance, SecureKey is now able to offer Concierge to members of four out of Canada's five major banks, with BMO Financial Group, TD Canada Trust and Scotiabank rounding out the other three associated institutions.
"By lending our credentials to the SecureKey Concierge service, we are able to expand our brand and award-winning service beyond our own website by providing our clients with the added convenience of using their same login credentials to securely access Government of Canada online services," said Charaka Kithulegoda, ING DIRECT's chief information officer.
American Banker recently addressed some of the benefits of this decision, and noted that ING Direct members will be able to remember fewer, but higher quality passwords than previously possible. Additionally, users will be able to maintain anonymity between their banks and the government, with neither organization being able to see an individual's activities between services.
"The primary driver for us is giving our customers choice and convenience," Kithulegoda told the source.
The eventual hope is for all banks to sign up for the service. Much like a credit card, part of the goal of BYOC is to let people use one secure credential across multiple online destinations. Just as the process has already been in operation in Canada, it is also gearing up in the United States, with the U.S. Postal Service working with SecureKey to ready its own credentials service for 2014.
Responding to the changing online environment
With the online threat landscape seeming to grow more treacherous with every year, and as more people seek out online options for banking, shopping, government services, and more, organizations in both the public and private sectors will need to assess the security of their websites. Exploits in both their software and hardware could leave them and their users vulnerable, particularly as the number of devices and operating systems continues to expand. Meanwhile, users will have to memorize even more authentication details, SecureKey's alliance with ING Direct is helping to minimize these issues.