IoT (Internet of Things) Authentication refers to ways to securely and conveniently access connected devices such as smart homes, autos, transportation hubs, and workplaces.
The smart device ecosystem is highly fragmented, having not yet settled on a standard for what hardware and software is the dominant way to access devices. Enterprises may use RFID badges for secure entryways, while homeowners may use proprietary apps for autos and thermostats. This fragmentation causes poor usability — in the context of usability being paramount to the success of the IoT and digital transformation — and risk, as many systems and settings are unsafe. In all, today’s IoT security is lightweight compared to enterprise application security and the IoT’s aggressive rollout has created a situation where IoT authentication must catch up.
IoT authentication could benefit from a single standard onto which all device makers and solution providers deploy their technology. One solution is to settle on a single user interface (UI) such as consumer mobile devices and to authenticate based on FIDO Alliance open standards for True Keyless Authentication. This would reduce the fragmentation and our over-reliance on passwords, whose use as an authentication mechanism hinders IoT adoption by degrading usability and whose security is not in step with the security demands of workplaces, homes, cars, transportation bubs, and critical infrastructure.
“IoT authentication is important since the security of devices, autos, and workplaces is paramount. The risk of unauthorized management of these smart things is too great to cede that security to passwords, whose poor usability has not kept pace with the IoT just as they haven’t kept pace with mobile.”