Skip to main content


Pushing Past Passwords

Cathy Tilton: Pushing Past Passwords

In over 20 years of working in the biometrics space, I’ve seen significant leaps in both technology and its application; ideas that were once considered science fiction (or at least James Bond) that are now used and being considered as mainstream authentication methods. This is an exciting time: a convergence of individual privacy, innovative applications and commercial needs.

I’ve always been interested in biometric authentication specifically. When I first started in the field, the tools were limited to government programs, including law enforcement, and as the discipline expanded into the civil and commercial spaces it became much more fascinating. There, we got to see the development and evolution of physical and logical access controls and movement into consumer implementations.

When the President issued the National Strategy for Trusted Identities in Cyberspace (NSTIC), participating in IDESG was a natural fit for me. I wanted to be a part of a group that takes a holistic approach to breaking the status quo of ineffective passwords and builds a safe harbor for online identities. That requires ideas and creativity from all technologies and stakeholder perspectives. It just makes sense: to increase trust in the Internet, it is important to get rid of reliance on password protection in favor of better, more innovative technology to authenticate identity.

At the forefront of successful online authentication are three essential elements:

  1. Security and privacy
  2. Convenience and
  3. Workable business models

Security is a given – not only must the solution effectively authenticate the user, it must do so in a manner that does not open or create any security holes and simultaneously protect the privacy of the user.

But security and privacy are not enough – if an individual cannot easily access and use the technology, then they simply won’t bother. Relying parties (RPs) today are focused on a smooth and easy experience for their users, particularly their customers. One of Daon's financial services customers recently spent months perfecting the implementation of facial recognition for their mobile banking application. It had to be fast, easy, and intuitive. It now takes less time than entering a 4-digit PIN.

Last, but not least, the value proposition and business model need to make sense for the relying parties. These models may vary by vertical sector, but there are also commonalities. Today, identity is pervasive across the enterprise, involving not just technologists, but business people as well. RPs want to leverage identity solutions not only to reduce risk, but to increase customer loyalty.

During my time as the Chair of the Standards committee, I watched as the group grew, quickly dug into the work and achieved success in developing deliverables to further the framework – including the Standards Adoption Policy and our first adopted standard. The key now is to repeat our successes across the organization, making even bigger strides. I saw this starting to happen during the last Plenary. There was a high level of engagement and, while each of the committees were advancing their own efforts, everyone seemed to be pushing in the same direction for the progress of the steering group as a whole. I hope this will continue and we can take another step forward during the next virtual Plenary on April 16th.

As we build the Identity Ecosystem Framework, our organization must continue to grow and mature. A critical component for success is bringing relying parties to the table – it is their adoption that will make our break the IDESG and the evolving identity ecosystem. We need their perspectives as well as fresh insight, industry wisdom and creativity applied to the evolving problem that is online identity management. Although privacy is critical to our mission, the IDESG is so much more – it’s about opportunity, innovation and development. How do we create an identity ecosystem that expands online services for more people – what online transactions we can facilitate with trusted identities that can’t be performed today?

I encourage everyone to see the value in the Identity Ecosystem and Framework and more importantly, to get involved – listen to a Plenary, join a working group, contribute an idea, create an artefact or sponsor a meeting – and bring innovation to the forefront of identity management.

Cathy Tilton Vice President, Standards & Emerging Technology at Daon. She earned her Master’s Degree in Systems Engineering from Virginia Polytechnic Institute and State University and a Bachelor’s Degree in Nuclear Engineering from Mississippi State University. Previously, Tilton was a captain in the U.S. Army where, among other things, she was a parachutist. In addition to chairing the Standards Committee for IDESG, she belongs to several identity management and biometrics professional groups. In her spare time, Cathy spends time with her family – including five grandchildren – and volunteers for her church.