13 Aug
Many companies put us through multiple steps of verification to grant us access to their services. Everyday we go through identification, authentication and authorization processes and we may not even realise the steps that we are taking to log into an account. The need to prove the user’s identity is dictated by security reasons. With the rapid development of information technology, what we consider strong security can change. What was considered secure in the beginning of this century is no longer the safest option in 2021. The internet has evolved and security procedures need to change with time.
Which is which?
- Authentication is the process of verifying the identity of someone who requests access to applications, data or resources.
- Authorization gives a user that has been authenticated permission to access applications, data or resources.
In environments that are secure, authentication always proceeds authorization. Firstly users confirm that their identity is true and then receive access to the requested resources. There are many different types of authentication. Different companies may require different credentials to confirm the user’s identity.
Single Factor Authentication
The most popular form of authentication is a password. If a user enters the correct data: username and assigned to its password the system considers the identity of a user as valid and grants access. The first time that a password was used as a security feature was in the 1960s at MIT. Even though it is the most popular solution it is not the safest. People tend to use passwords that they can easily remember. Among the most popular are “123456,” “qwerty,” and “password.” While these are easy to remember for the users, those are the first possibilities that a hacker would try to get into an account. More than that, passwords are stolen from servers every day and single factor authentication does not protect us from a hacker that already knows our password. What is even worse with accounts on every platform, it is becoming more difficult to remember a separate password for each account. So to make things more easy users recycle their passwords and use one for multiple accounts.
Two or Multi-Factor authentication
In the past years, we’ve seen an increasing amount of websites losing personal data of their users. The safer option of authentication uses more than one method to verify the identity of a user. This is called two-factor authentication. The method that requires at least two or more methods of authentication is called multi-factor authentication. Categories of the methods can be grouped into:
- Something you know - things that a user must know to have access to applications, data or resources. Usernames, IDs, passwords and personal identification numbers (PINs) all fall under this category.
- Something you have - things that a user must own to have access to applications, data or resources. This category includes one-time password tokens, key fobs and smartphone apps.
- Something you are - include characteristics inherent to individuals that confirm their identity. This category includes the scope of biometrics, such as retina scans, fingerprint scans, facial recognition and Voice authentication.
- Something you do - like a location or typing speed.
Knowledge based authentication
When a password and a username were not enough, the first attempts at multi-factor authentication were security questions. They were mostly used (and sometimes still are) as a method of recovering forgotten passwords. Questions that were often used were asking about the name of your first pet, name of your childhood friend or a favourite book. However security questions were easy to crack, especially if a potential hacker had knowledge about the victim. Sometimes users made it easy to reset their password by using a security question that had a predictable answer.
Threats of weak online security
A weak password and only a single factor authentication may result in a hacker taking over an account or even damaging your device with a virus. Data theft can be another threat. Nowadays we store a lot of our information online, like pictures, documents and videos. Sometimes embarrassing ones that we would not want to be seen by the public. They are often protected only by a weak password. Poor security choices may also cause your identity to be stolen. That’s why it is important to trust companies with top security measures that comply with the highest standards of GDPR, like video verification. Fully-Verified offers video verification services supported by technology and artificial intelligence. An additional security measure is a human operator that checks each verification.
Future user authentication may be based mostly on passwordless methods. Relying on tokens, certificates, phone applications or even biometrics. Human characteristics like fingerprints, iris scanning or face recognition are starting to be used widely to authenticate users identity. In the future more methods may be popularized like typing speed or patterns and gair recognition. What is certain is that passwords were always considered to be weak security features. To protect your data and increase security it is recommended to use multi-factor authentication.
Related Post
Recent Post
Protecting Players and O…June 15, 2023
From Anonymous to Accoun…May 25, 2023
The Future of Identity V…May 10, 2023
Is It Time to Invest in …April 26, 2023
KYC in financial and ban…March 24, 2023
Fully-Verified was created as answer to its founders collectively losing over $150 000 to various types of fraud in their eCommerce businesses.
