Identity protection — Multi Factor Authentication


CIA Triad

When we think about security, we should think about preventing IT losses. There are three main areas in which security can be compromised, known as the CIA Triad: Confidentiality, Integrity, and Availability.

  • Integrity — it ensures that data or a system is not modified without authorization. If unwanted or unauthorized changes are made, we deal with a loss of integrity. Example — an unauthorized person makes changes to bank transactions, resulting in a loss of integrity.
  • Availability — systems and data must be available within a reasonable time and when users need them. If the system is unavailable or the data is not accessible, the result is a loss of availability. Example — the recent OVH fire, resulting in a total loss of data and prolonged unavailability of systems.
  • Accountability — users can be held accountable for their actions when auditing is enabled.

Three+ factors of authentication

That’s why we need multi factor authentication. It is important to clarify what the factors of authentication are:

  • Type 2 — Something you have. Physical devices that users possess can be used to authenticate them. Examples include smart cards, hardware tokens and USB drives.
  • Type 3 — Something you are or something you do. It is a physical characteristic of a person identified with different types of biometrics. Examples include fingerprints, voice prints, retina patterns, iris patterns, face shapes, palm topology and palm geometry. Examples in the “something you do” include signature and keystroke dynamics.

Two step authentication

A trend many applications follow today is two step authentication. The most common example, although it is now considered not very secure because of the SIM swap attack (simply put, a method of taking over someone else’s SIM card), is the process of logging in to a banking system. After we provide a username and password, the bank sends an SMS message containing a code to our telephone number, and we must enter that code in order to log into the system. The codes are generated using one of two standards:

  • TOTP — Time based One Time Password. It is similar to HOTP, but the counter is derived from a timestamp, so each code remains valid only for a certain number of seconds, for example 30.

Biometrics

Biometric authentication has become even more important and popular in recent years, but it also brings some dangers that you have to be aware of. First of all, if you want to implement it in your organization, you have to know that biometric data is personal information and falls under the GDPR or other privacy regulations. And even where it is protected, some of the methods are not widely used, or are prohibited, because of what they can reveal about the user’s health. Below are the most popular biometric methods used today:

  • Face scans — they use geometric patterns of faces for detection and recognition. For example, Facebook uses face recognition software to add tag suggestions.
  • Retina scans — they focus on the pattern of blood vessels at the back of an eye. This is the most accurate form of biometric authentication, and it can even differentiate between identical twins. But there are some ethical aspects of using this method as it can reveal medical conditions such as high blood pressure or pregnancy.
  • Iris scans — they focus on the coloured area around the pupil. It is the second most accurate method of biometric authentication.
  • Palm scans — palm scanners scan the palm of a hand for identification. They use near-infrared light to measure vein patterns in the palm, which are as unique as fingerprints.
  • Hand geometry — it recognizes the physical dimensions of a hand. It is rarely used, as it is hard to identify a person reliably using this method.
  • Voice pattern recognition — this type of biometric authentication relies on the characteristics of a speaking person’s voice, known as a voice print. It is often used as a second biometric method but rarely as the sole method of authentication.
  • Signature dynamics — it recognizes how a person writes a string of characters. The success of signature dynamics relies on pen pressure, stroke pattern, stroke length and the points in time at which the pen is lifted from the writing surface.
  • Keystroke pattern — it measures how a person uses a keyboard by recording flight time (how long it passes between releasing one key and pressing the next) and dwell time (how long a key is held down).
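The keystroke-pattern method is the one on this list that can be shown fully in code. The following is an added example (not from the original article) that extracts dwell and flight times from key-down/key-up timestamps, builds a profile from several enrollment samples, and verifies a later attempt by its mean deviation from the profile. All timings are constructed for the example, and the 25 ms threshold is an arbitrary illustration value, not a recommendation.

```python
from statistics import mean

# Constructed enrollment samples: (key, key_down_ms, key_up_ms) for the string "pass",
# invented for this example rather than recorded from a real user.
SAMPLE_A = [("p", 0, 95), ("a", 150, 230), ("s", 290, 380), ("s", 440, 520)]
SAMPLE_B = [("p", 0, 105), ("a", 160, 240), ("s", 300, 390), ("s", 450, 540)]
# Constructed later attempts: one by the enrolled user, one by someone else typing "pass".
GENUINE_ATTEMPT = [("p", 0, 98), ("a", 155, 233), ("s", 292, 384), ("s", 445, 528)]
IMPOSTOR_ATTEMPT = [("p", 0, 40), ("a", 80, 120), ("s", 150, 190), ("s", 220, 260)]


def keystroke_features(events):
    """Dwell time = how long each key is held (up - down).
    Flight time = gap between releasing one key and pressing the next."""
    dwell = [up - down for _, down, up in events]
    flight = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    return dwell, flight


def enroll(samples):
    """Average the per-position dwell and flight times over several samples
    of the same typed string to form the user's profile."""
    keys = {tuple(k for k, _, _ in s) for s in samples}
    if len(keys) != 1:
        raise ValueError("all enrollment samples must be the same key sequence")
    feats = [keystroke_features(s) for s in samples]
    dwell_profile = [mean(f[0][i] for f in feats) for i in range(len(feats[0][0]))]
    flight_profile = [mean(f[1][i] for f in feats) for i in range(len(feats[0][1]))]
    return dwell_profile, flight_profile


def distance_ms(profile, events):
    """Mean absolute deviation (in ms) of an attempt from the enrolled profile."""
    dwell, flight = keystroke_features(events)
    p_dwell, p_flight = profile
    if len(dwell) != len(p_dwell) or len(flight) != len(p_flight):
        raise ValueError("attempt has a different number of keystrokes than the profile")
    diffs = [abs(a - b) for a, b in zip(dwell, p_dwell)]
    diffs += [abs(a - b) for a, b in zip(flight, p_flight)]
    return mean(diffs)


def verify(profile, events, threshold_ms=25.0):
    """Accept the attempt only if its rhythm is close enough to the profile."""
    return distance_ms(profile, events) <= threshold_ms


PROFILE = enroll([SAMPLE_A, SAMPLE_B])

if __name__ == "__main__":
    print("profile :", PROFILE)
    print("genuine :", round(distance_ms(PROFILE, GENUINE_ATTEMPT), 1), verify(PROFILE, GENUINE_ATTEMPT))
    print("impostor:", round(distance_ms(PROFILE, IMPOSTOR_ATTEMPT), 1), verify(PROFILE, IMPOSTOR_ATTEMPT))
```

The example also shows why the article says behavioural biometrics are usually a second factor rather than the sole one: the decision is a distance threshold, so the same user on a different keyboard, or when tired, can drift over it, and a fixed threshold has to be tuned between false rejections and false acceptances.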

Summary

The one thing that we should remember is that using only a password for authentication will not protect our systems and accounts. Wherever possible, we should employ multi factor authentication.

iteo

iteo is an international digital product studio founded in Poland, that helps businesses benefit from technology better. Visit us on www.iteo.com