Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Insight and analysis on the information technology space from industry thought leaders.
Wallets vs. Passkeys: What CISOs Need To Know
For long-term success, CISOs must strategically plan to integrate wallets and passkeys into their organizations.
Industry Perspectives
December 4, 2024
4 Min Read
Alamy
Written by Christine Owen, Field CTO for 1Kosmos
Wallets and passkeys present a generational opportunity to redefine digital identity and authentication. To achieve long-term success, CISOs should start planning now to integrate these technologies into their infrastructure.
When combined, wallets and passkeys elevate security, simplify user experiences, and prioritize privacy. The first step towards building the foundation for a more secure and seamless digital future is recognizing that these two technologies are complementary rather than competing solutions.
Understanding Identity Wallets and Passkeys
Identity wallets and passkeys represent two sides of the same coin, working together to strengthen identity management. While wallets securely store and manage verified credentials, passkeys streamline authentication with cryptographic assurance.
Identity Wallets/Verifiable Credentials: These wallets digitally store trusted identity information, such as driver licenses or professional qualifications, based on W3C or ISO standards. They enable organizations to verify and reuse identity attributes without repeatedly exposing sensitive information. For instance, a wallet could confirm a user’s age for an online transaction without revealing their full date of birth.
Passkeys: Utilizing public-private key pairs, passkeys provide a secure, phishing-resistant authentication. Acting as a built-in multi-factor authentication (MFA) mechanism, passkeys simplify login experiences while protecting sensitive actions, such as accessing critical systems or performing high-value transactions.
Complementary, Not Competing
Contrary to popular belief, identity wallets and passkeys are not alternatives but complementary technologies. Wallets establish trust by storing verified credentials, which can be reused across multiple applications. Passkeys enhance this system by enabling quick, secure authentication and safeguarding the wallet. Together, they create a seamless, privacy-respecting identity ecosystem that balances security and user experience.
For CISOs and identity leaders, understanding and leveraging this synergy is key to future-proofing their identity management strategies.
Use Cases and Benefits
Identity wallets and passkeys are not just theoretical constructs; they have tangible applications that can transform operations across various sectors:
Government Services: Imagine a hurricane victim needing to verify their identity to receive aid from FEMA. With an identity wallet containing verified credentials, they can seamlessly prove their identity, even if they’ve lost all physical documentation.
Healthcare: Physicians prescribing controlled substances must comply with strict verification and authentication requirements. An identity wallet simplifies this, allowing doctors to reuse verified credentials across multiple hospitals to enroll in the system and then use a passkey for authentication. Similarly, patients transferring medical records could use verifiable credentials to authorize data transfers securely and efficiently.
Education: Universities can face account takeovers due to social engineering. By requiring students to verify their attributes, build a wallet, and bind a passkey to that wallet, institutions can bolster security.
Financial Services: High-value transactions often require additional verification. By combining passkeys with trust signals from identity wallets, banks could provide a streamlined yet secure experience, ensuring only authorized individuals can initiate such transactions.
The Path Forward
Despite their potential, deploying identity wallets and passkeys is not without challenges. Here’s what CISOs need to consider:
Federation Issues: Integrating identity wallets across multiple relying parties is complex. While direct integrations can work, they quickly become cumbersome at scale. A more viable approach is a broker-based federation model, similar to the credential exchange services being piloted by government agencies. Such models offer user choice and simplify interoperability.
Education and Awareness: Even the most advanced technology won’t succeed without proper education. Employees, stakeholders, and the public need to understand how these tools work and how to use them securely. Initiatives like white papers and educational campaigns are critical, particularly as identity wallets become more widespread.
Adoption Barriers: The friction of enrolling users and verifying identity attributes remains a hurdle. Organizations must prepare for the initial effort required to establish trust. However, once verified, reusing credentials repeatedly offers significant long-term benefits.
Together, identity wallets and passkeys have the potential to enhance security, streamline user experiences, and safeguard user privacy. However, their successful deployment demands strategic and detailed planning, strongly emphasizing collaboration among key stakeholders. CISOs and identity leaders who effectively navigate these challenges will set the stage for a more secure and low-friction digital future.
About the Author
Christine Owen is Field CTO for 1Kosmos and an expert in identity management with a deep background in policy creation and operational procedures, government rules and regulations, and cybersecurity best practices. She previously served as a Director with Guidehouse, a global technology and risk consulting services provider to the public sector, where she developed and managed cybersecurity, zero trust, and IAM projects.
About the Author
You May Also Like
.jpg?width=700&auto=webp&quality=80&disable=upscale)
