Human Intent: The Key to Security

Authentication is a very deceptive word. In today’s security-conscious environment, this term is attached to every security solution without thought to accuracy. It has become cliché in the security industry. A new term is required. I humbly suggest that the ultimate security goal is better labelled, “Intentication.”

In other words, we should be determining access by measuring human intent, not a user’s identity.

A username/password combo is equivalent to a padlock. Anyone with a key may open it, gaining access to whatever was protected with no thought to human intent. And that’s the point. Anyone with the static credentials will be given access. In fact, we often see situations where the identity of the user may be verified, but their intent was not.

For instance, many people have had situations where they “drink too much” and make “accidental” purchases online. Was that their true intent? Or what about someone using my finger as I sleep to access my phone with TouchID? My identity was verified, but my intent was not.

Instead of truly verifying the identity of a person, today’s security solutions simply increase the complexity of the lock OR throw more locks at the problem.

Some may argue that with the advent of biometrics, the inherent weaknesses of passwords have been solved.

However, as with my earlier example, the static credential has only been made more complex with these methods. When a user registers their fingerprint, iris scan, or even DNA, that attribute is turned into a digital file…a key. Despite the complexity of that key, it is still just a key, giving anyone who possesses it, or a copy thereof, full, unfettered access to anything within the original user’s account.

So, how do we measure “user intent?” The solution is right in front of you. Or to be more exact: right INSIDE you. The human brain is more than simply a biological hard drive of facts, figures, and pictures. What makes us unique is how we CONNECT those facts, figures, and pictures. These cognitive links stitch together our life experiences, changing us, and our views of the world.

While two people may experience the same event at the same time, their memory of it will differ due to their unique way of categorizing and connecting the facts of that event.

For instance, you and your friend are watching a football game. Later, when reminiscing about the game, you may remember a rather unusual touchdown by the receiver who caught it. Your friend may remember it by the quarterback who threw the pass. You both experienced the same event, but how your mind stores and categorizes that information creates these incredibly unique mental connections.

A user does not have to practice memorizing such connections. They are built into the long-term memories of all people. And, as your life progresses, you gain more and more of these unique connections between the events, objects, and facts of your life.

Cognitive Identification is the new security paradigm allowing network administrators to truly measure user intent. By using a dynamic, random testing of these connections, you eliminate the need for passwords and biometrics. Users will no longer forget how to access their accounts. Stolen credentials are no longer a threat. And most importantly, your data, systems, and users are safer than they’ve ever been.

For every lock, there’s a pick. The only way to break that chain is to verify the intent of the user. Your data needs it. Your users deserve it. And with NimbusID, you can achieve it.

About the author: Eric Spellman