Citrix wants users to log in using facial recognition

Citrix products are set to support multi-factor authentication and facial recognition, instead of just relying on the age-old username and password combination.

Speaking at Citrix Synergy 2018 in California, senior company executives explained the company will support alternative ways of confirming users' identities in a bid to boost security and improve the user experience.

Addressing reporters at a press Q&A following the keynote address along with CEO David Henshall, , chief product officer PJ Hough said Citrix was adding "full support for multi-factor authentication in the platform and the Workspace".

"We are broadly deployed in a number of industries including healthcare, where log-in techniques such as badge swipe, etc, are already dominant as the log-in mechanisms, so the workspace will support all of those as capabilities," he said.

But he conceded that the widespread implementation of such alternatives is rather "future-oriented" - in light of the fact many devices lack the hardware capability, despite outlining that everything announced in the keynote address was either available now, or would be within the next 90 days.

"One of the reasons why we can't actually broadly deliver facial recognition technology is not because we haven't implemented the software part of it, it's that the devices aren't broadly deployed that are necessary to support it; whether it's encryption capabilities or high-quality facial recognition that doesn't get fooled by holding up a picture of me in front of it."

While the iPhone X does boast this capabilty, its status as an expensive, high-end smartphone means it likely hasn't found much adoption within businesses.

He added: "We continue to evolve those technologies, but we are part of a broader ecosystem and we need the ecosystem partners here to continue to invest. I think part of the opportunity for us is we want to inspire the ecosystem."

CTO Christian Reilly demonstrated a login using facial recognition during his keynote address, in which he said "usernames and passwords are not great security".

Expanding on the vulnerability of passwords, Sridhar Mullapudi, VP of product management for Workspace services, told IT Pro the widespread use of passwords makes it more likely to suffer a security risk, and that they were "an old way of doing things". Plenty of recent data breaches have involved the threat of credential re-use, where, for example, a hack of LinkedIn password information has forced other companies to reset customers' login details.

"As part of the Citrix Workspace we are building, identity and access management is a key part," he said. "As part of that we have solutions; we built multi-factor authentication, and that could be facial recognition or thumbprint, or any other factor that you use to log-in, like two-factor authentication (2FA) - that's built into the Workspace itself."

He added: "If users have to remember passwords, and create passwords across multiple applications, it is not the most secure way - because users are not the best in ... making passwords across everything, so you want to be able to provide them with a secure single sign-on across the applications."

Citrix's decision to strengthen security comes as part of a wider industry movement away from passwords. Microsoft ditched conventional passwords altogether in a test run for Windows 10 S earlier this year, opting instead for alternative options such as facial recognition, fingerprint, and FIDO keys.