Episode 48

Implementing Secure and Fast Authentication Processes

Traditional authentication methods are outdated and need many layers of code, which can take time and resources away from developer teams. If developments like FIDO2, WebAuthn, and passkeys are to be the cornerstones of a passwordless future, then every application (not just Apple, Google, and Microsoft) needs an easy way to adopt these methods and weave them into current user authentication flows. Slavik Markovich, Co-founder and CEO, Descope, discusses current and future authentication trends and the importance of building a low-code/no-code passwordless authentication solution for app developers.

Time Stamps

02:52 -- Slavic, share with us some background information, some highlights of your professional journey.

04:19 -- What are the pain points when it comes to authentication?

09:55 -- So Slavik, where are we headed in terms of the next stage or the next phase of evolution when it comes to more sophisticated authentication systems?

16:01 -- What is that low code, no code, passwordless authentication solution that would make it feasible for developers to focus on developing solutions and functionalities?

25:00 -- There are products in the market, open source or proprietary, that can help take away that additional pain or challenge of developing the authentication part of the solution. The developers can then focus on what they are good at, developing the product functionalities. Is that a fair, high-level representation of what you said?

26:17 -- So where are we with biometric authentication? Have we made more progress?

33:53 -- Are we further along in getting to that ideal goal where just compromising an account doesn't mean the end of the world or doesn't mean a major problem?

36:55 -- Please share some final thoughts.


Memorable Slavik Markovich Quotes/Statements

"If you have a token that you use to authenticate, that's pretty secure, it's very hard to phish it, and it's very hard to steal it."

"A lot of effort is being made in creating authentication around who you are versus what you know. So using biometrics-based authentication is a big step in that direction."

"Use of passkeys, which allow a secure and somewhat frictionless way of authenticating, without having to remember anything."

[Note: "With passkeys, users can sign in to apps and websites with a biometric sensor (such as a fingerprint or facial recognition), PIN, or pattern, freeing them from having to remember and manage passwords"] (https://developers.google.com/identity/passkeys#)

"Like everything in security, the devil is in the details."

"There is an inherent tension between the security teams and the developers. You kind of try to solve it by bringing security into the development teams."

"Security shouldn't become a bolt-on process but should be part of the architecture, design, review, and implementation."

"Security doesn't sell your product. Eventually, features will sell your product."

"Most developers are not security experts. So, if they implement authentication, there might be big holes that they cannot catch. Then, you end up with account compromises and stolen data from the application."

"The biggest obstacle to biometric authentication is actually education."

"The best password is no password."


Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast

Please subscribe to the podcast, so you don't miss any new episodes! And please leave the show a rating if you like what you hear. New episodes release every two weeks.

Dr. Chatterjee's Professional Profile and Media Kit: https://tinyurl.com/bdenv88p

Connect with Dr. Chatterjee on these platforms:

LinkedIn: https://www.linkedin.com/in/dchatte/

Website: https://dchatte.com/

Cybersecurity Readiness Book: https://www.amazon.com/Cybersecurity-Readiness-Holistic-High-Performance-Approach/dp/1071837338

https://us.sagepub.com/en-us/nam/cybersecurity-readiness/book275712

Latest Publications:

https://www.imd.org/ibyimd/magazine/preventing-security-breaches-must-start-at-the-top/

https://www.imd.org/ibyimd/strategy/mission-critical-how-the-american-cancer-society-successfully-and-securely-migrated-to-the-cloud-amid-the-pandemic/

Latest Webinars:

https://us02web.zoom.us/rec/share/5H3vdv8eJgZRFMEa_w-JApCjpBczEcwpsqY6HRRZl6gOfanvhDLN1oiVnFA_qSE.kFJ0JGmlJt2d30Ip 

About the Podcast

Show artwork for The Cybersecurity Readiness Podcast Series
The Cybersecurity Readiness Podcast Series
with Dr. Dave Chatterjee

About your host

Profile picture for Dave Chatterjee

Dave Chatterjee

Dr. Debabroto 'Dave' Chatterjee is tenured professor in the Management Information Systems (MIS) department, at the Terry College of Business, The University of Georgia (UGA). He is also a Visiting Scholar at Duke University, affiliated with the Master of Engineering in Cybersecurity program in the Pratt School of Engineering. An accomplished scholar and technology thought leader, Dr. Chatterjee’s interest and expertise lie in the various facets of information technology management – from technology sense-making to implementation and change management, data governance, internal controls, information security, and performance measurement. His work has been accepted and published in prestigious outlets such as The Wall Street Journal, MIT Sloan Management Review, California Management Review, Business Horizons, MIS Quarterly, and Journal of Management Information Systems. Dr. Chatterjee’s research has been sponsored by industry and cited over two thousand times. His book Cybersecurity Readiness: A Holistic and High-Performance Approach was published by SAGE Publishing in March 2021.