Loggin' in again in Margaritaville

Eric's trying to log in using his brain waves, and pointing to the important questions like, "Can I still log in after six margaritas?"

One of the great things about covering the "identity space" is that periodically you get to talk about the edge -- ideas, products and research that is really "out there."

From Wired today we get news of some Carleton University research that would use your brain waves (which are apparently as individual as other biometrics) to authenticate you to a computer system. In essence, you think of something and the way that you think about it is individual enough that this biometric, brain wave, interface can identify you as you and attest to your authenticity.

Of course, news like this leads to some of the stranger questions, like "Will I still be able to login after I've had six margaritas?" And even though such questions might be better phrased as, "Will I still be able to find my computer (or even think) after I've had six margaritas?" - the underlying skepticism remains.

The thing that's truly of interest to me is that all of this is coming just as the identity industry is dealing in earnest with the FFIEC guidance for authentication in online banking. This "guidance," which is more like a federal mandate than guidance, is driving a tremendous amount of curiosity (and acquisitions) around authentication.

What was once thought of purely as "strong authentication," is now being thought of as "layered authentication," or "risk-based" authentication. All of that expansion of possibility is well-tied to the FFIEC work, as that guidance is forcing vendors to respond to a well-founded marketplace demand.

That marketplace demand is simple: How do I overcome the user-adoption hurdle around authentication if I'm an online bank or broker? Until this year, that demand was not one that was listened to, but suddenly, there are dollars attached and people are listening.

If you want to understand just how thorny this problem is, then go ask American Express how the adoption was with regard to their "Blue" card. The bottom line is that getting users to move past badly maintained usernames and passwords is just tough.

And so it is that we're finally seeing vendors come up with solutions that remove the burden from the user and put it where it should've been the whole time: on the enterprise.

Authentication is a hot topic and thorny problem. One that won't go away until we see online fraud go down.

Until then, here's what I'm thinking. Log me in.