Microsoft: Identity challenge will have many solutions

Issues surrounding Chip and PIN mean that future of authentication lies with multiple methods, says a Microsoft privacy expert who is confident that no single strategy will prevail

While Chip and PIN has many advantages, operational issues surrounding the technology making it unlikely to prevail as a worldwide standard for identification authentication, according to Peter Cullen, chief privacy strategist for Microsoft this week.

"Chip and PIN is great, but there are some operational issues with it," said Cullen, in an interview with ZDNet UK. "What happens if I lose it, for example? Does that mean that I am left stranded?"

Cullen believes that issues like this will mean that the future will lie with "multiple different types of solution" offering different methods of identification and verification, rather than with Chip and PIN. Many UK banks use Chip and PIN today to let a customer submit a secret number to authenticate a transaction, rather than their signature.

"In other parts of the world, they are looking a two-factor authentication," said Cullen. "In places like the US and Canada, Internet banking tends to be rolled out without the use of smartcards. They just use password and user ID."

Cullen firmly believes that no single authentication solution will win out and that users, customers and organisations will continue to be faced with multiple solutions, which means both the industry and that the system itself needs to be able to handle multiple technology solutions.

"It has to be very interoperable as opposed to one single solution. We think that is the answer," he said.

Microsoft has helped design a set of principles collaboratively with others in the industry — "Even people from the open source community," Cullen pointed out. "As a result of that, all of our technology solutions will actually meet those standards," he promised.

Meanwhile, Cullen says dealing with phishing is a major priority. "The next version of Internet Explorer will have more advanced ways in which users are warned when something looks like a suspicious site" he says.

But while the software will warn the user, it is Microsoft’s philosophy that the responsibility for dealing with threats lies with the user. "What the download blocker [in XP Service Pack 2] does, is alert the user that there is something that someone is attempting to download, gives them very clear information about who it is that is attempting to do this and allows the user to make the choice. That is the way we will approach phishing as well."

To read the full interview with Cullen, click here.