MOBILE IDENTITY
Most of our interview subjects mentioned the mobile device as the key to biometric adoption and other forms of advanced authentication, as people use biometrics tied to mobile devices to access services - or use the devices to authenticate themselves in another channel. "It's something we're starting to call bring your own ID," says Michael Versace, a research director at IDC Financial Insights. "The bank is going to start to identify people not by their user ID and password, but by your behavior."
In the case of "bring your own ID," the prevailing "something you have/something you know" ID paradigm grows to include "something you are." The three will eventually combine to enable risk-based authentication.
The same mobile technology that's being used for marketing - such as geolocation and transaction history - can also inform risk-based authentication. "We know where a person usually logs in from and what he does - such as check balances, move money or make a bill payment. That behavior defines your ID. What if there's a log in or activity that's different? Your ID is used to create policies directly related to your behavior," Versace says.
I think the best solution is a smart phone application that generates keys that are authenticated by a third party will be the solution for internet authentication. So I go to my banks web site, my smart phone provides the site with a key via blue tooth, and the bank asks a company like Verisign to validate my identity.