We all use a wide range of online services every day to access everything from banking and entertainment to shopping. As a result of COVID-19, even more of our regular activities have moved online. With this shift, the requirement for identity authentication that allows users to securely access websites or applications has moved up on the agenda. This is also the case with the need for secure online testing when granting or renewing certification or licensure.
While usernames and passwords are the most common method of authentication, they aren’t always the most secure. So much so that even IT professionals – in fact as many as 50% of IT security specialists – admit they reuse passwords across multiple accounts.[i] The good news is that there are more secure ways of ensuring your test takers are who they say they are.
A range of security instruments for online testing now go beyond asking test takers what they know – for example a password. Using biological or behavioral biomarkers, these instruments can accurately verify who they are. When used alongside technology that reduces and safeguards the data needed to authenticate ID, both your organization and your test takers will be protected.
Over 50% of organizations already use two-factor or multi-factor authentication (MFA) to increase corporate security.[ii] Microsoft studies show that MFA-protected accounts are 99.9% less likely to be compromised. So, for online tests that use remote proctoring to ensure the highest levels of security, a process that involves multiple steps is a must. With the cumulative effect of these steps, the identity of a test taker can now be proven to near certainty.
So, what are the steps that credentialing organizations can use to ensure the right person is taking an online test? In addition to a test taker’s secure username and password, the next and most common step is the requirement to present a photo ID. This might be a current driver’s license, passport, or government-issued ID card.
A webcam photo is taken of the ID, and, at this point, there are two possibilities. A trained professional can check that the photo on the ID matches the test taker they can see on the webcam as well as check that the name on the ID matches the test registration details. However, it is becoming more common for facial comparison technology to be used at this stage to more accurately verify a test taker’s ID.
Speed and Accuracy
The latest facial comparison software uses Artificial Intelligence (AI). This compares the facial image available on the webcam with the one on the photo ID provided and confirms that the two faces belong to the same person. This type of automated system will check a test taker’s identity in seconds based on a unique combination of their facial features.
Facial comparison is currently the preferred biometric method. It is quick, easy to implement, and requires no additional equipment or interaction by the test taker. With facial recognition software reporting accuracies above those achieved by humans, it is also reliable.
Moreover, with the use of AI that learns from the data, the accuracy of facial comparison technology is constantly improving. In fact, the failure rate of facial comparison software has decreased, from 4% in 2014 to just 0.2% in 2018.[iii] This increased accuracy, along with the wider use of AI across all areas of life, means that AI-enabled technologies are widely accepted. As the technology is still in its early stages and not 100% accurate, this should be used in conjunction with human review.
Of course, another important element of test security is ensuring a test taker’s identity throughout their assessment. With in-person testing, a security breach might involve someone impersonating a candidate from the outset, but swapping identities mid-test would prove almost impossible. However, with remote online testing in a home or office environment, security must be maintained throughout the test to ensure that a test taker doesn’t swap places with another person following their ID check.
Before a test commences, an online proctor will ask the test taker to scan the surrounding area with their webcam, phone, or laptop. They will be looking for security risks that might include additional electronic devices or unauthorized hard copy resources. But they are also looking for other people in the room who may assist or coach the test taker during the testing session.
Throughout the test, AI-enabled facial recognition and movement detection software will ensure that another person has not entered the room to collude with, or replace, the test taker. It is important to highlight that any action identified by AI as potential malpractice should always be reviewed by a human. For example, if AI picks up a voice or movement, a trained professional should always be involved. They will assess whether the discussion was about the test (and therefore cheating), versus something innocent (such as a child asking for a snack). Every candidate flagged by AI is checked to prevent innocent test takers from being punished.
When surveyed earlier this year about the types of business information they are concerned about protecting, 60% of IT professionals listed PII (personally identifiable information).[iv] When it comes to making sure your test takers are who they say they are, it is not enough to authenticate their ID. You also need to ensure the security of any PII that you collect during the process.
This is even more important now, with the understandable focus on data privacy that has come with the recent rapid move to online testing. Steps that will ensure best practices when it comes to data privacy include articulating clearly to your candidates what information you are collecting and why as well as explaining how long this information will be stored and when it will be deleted, ensuring you have the systems in place to do so.
Authentication and Protection
For credentialing organizations, the need to accurately authenticate a test taker’s identity goes hand in hand with a duty to protect their personal information. With new technology, our ability to check that someone is who they say they are, both before and during online testing, is constantly improving, thereby increasing the ability protect your organization’s reputation and the integrity of your online assessments.
Equally, best practices supported by good communication will ensure that a test taker’s personal information is always secure. This means that it is possible to both authenticate and protect when it comes to online testing – while delivering the best possible candidate experience.
[i] Ponemon Institute research, 2020.
[ii] Op. cit.
[iii] Ongoing Face Recognition Vendor Test. National Institute of Standards and Technology, 2018.
[iv] Ponemon Institute research, 2020.