Authentication is about having an assertion made that gives you a level of confidence in that assertion. For instance, when I talk about using digital identities to create frictionless e-commerce, I am talking about passive authentication, where if somebody logs on we've taken a profile of that person in terms of their computer browser and what they do in terms of transactions and their behavior and without them having to actively participate in the process we can identify them. And then the password becomes just a second factor in the whole scenario, but the user is hardly inconvenienced at all.

We announced the RSA Internet Confidence Index today and it is not a pretty picture. The volume of Internet transactions is going up when people are less confident. It is like people are closing their eyes and driving their automobile hoping they won't hit anything. The fact of the matter is ultimately they will and it can't continue like this.