Go to Top

Multi-factor authentication for logins

Multi factor logins provide more security

When speaking about securing data, this always means trying to protect it. As such, the basic principle of data security is ensuring that there is a provision for secure access to the data. Similar to the security measures provided for bank safes, which contain physical money, multi-factor secure access to data has several key principles which it follows when being implemented.

Logins and passwords are commonplace nowadays. They allow a bank to verify a person’s credentials when logging into their online bank account. However, biometric devices are also becoming quite common. An example of which is TouchID can be seen in the new iPhone 6. This feature is integrated into the main button that is used for switching applications. Basically, this is a miniaturised fingerprint reader. Multi-factor security (MFA for multi-factor authentication) consists of multiple controls and only one criterion. Therefore, for the past five years, when using payment sites that use the BNP service, you enter a credit card number, expiration date, cardholder name and the 3-digit code which appears on the back of the card and then a code is sent to you via SMS to confirm the transaction.

For certain access systems, we don’t want to have to enter a SMS code every time we want to access it. The biometric fingerprint reader system could be a solution. However, it’s quite demanding as the terminal must be provided. Many professional laptops and smartphones have it, but not all of them. A standard still needs to be set for this, such as that provided by FIDO (Fast IDentity Online). However, perhaps the solution doesn’t exist yet. Certain conditions make fingerprint reading difficult, for example, if your fingerprints are excessively dry, dirty, too large or injured. The iPhone 5S provides proof that multi-factor is not a panacea with the password and fingerprint: it requests the password when it does not recognise the fingerprint. Moreover, there is nothing that says biometric data cannot be used for other purposes since each of our fingerprints are stored in servers that know them and recognise them. So, what can we do?

Many technology companies are asking this question and they often find very sound answers. Multi-factor access is also not necessarily limited to a choice of second factor verification. For example, if SMS is mainly used as a safety factor in banking systems, it’s because it is based on a chain of trust: the phone number is unique and it is activated by a single chip in the phone which must know the identity of the owner. Along with a login and password, it’s a strong enough multi-factor, but not practical to use this 20 times a day. Therefore, among other things, Gemalto is proposing smartcards, which can be inserted into the specific casing of a laptop or a specific USB drive. Perhaps, the best solution would be a USB key with a chip inside the key since it’s unique and not necessarily limited to a single computer, similar to a real key. At Login People, they invented “Digital DNA”, whereby the smartcard is replaced by a unique fingerprint of a digital device, such as a smartphone. If you connect your smartphone to your computer and enter your username and password, you will have access to the information, if the smartphone has this functionality. Multiple devices can be configured as the key. The idea behind this is very interesting.

Obviously, MFA access is also subject to the fact that security technologies are used, such as with data transmission (SSL or TLS). By using all of these technologies together, this guarantees a significant improvement in secure access.

, , , , ,

Leave a Reply