

A Breakdown of Online Authentication Methods




Research has found that hackers attack every 39 seconds. On top of that, 81% of security incidents logged in 2018 were tied to stolen or weak passwords. While the victim should never take the blame for a security breach, there are a few lessons to be learned.

To begin, never reuse a password across accounts. In addition, take advantage of any multi-factor authentication features a website may offer. Multi-factor authentication requires two or more authentication methods to log in. While this can create varying levels of security, account strength typically depends on the weakest factor used. The most common combination in multi-factor authentication is a password and a one-time code. One-time codes can typically be sent to whatever email address or phone number you have saved on file. Do note that messaging and data rates may apply to any one-time codes sent to your mobile device via SMS.

Still, understand that multi-factor authentication's good reputation does not mean it offers more security to an account. More often than not, two-factor authentication is easily spoofed.

Although one-time codes reduce the chances of a successful fraudulent login, they can be easily circumvented. For example, professional scammers can intercept one-time SMS authentication codes before the rightful user is alerted. Similarly, encrypted instant messaging apps may send a message to multiple devices at once.

As a rule of thumb, use biometrics, as they can be highly effective in fighting against imposters. Nonetheless, there are still gaps in the security biometrics provide. The issue lies here: people can’t simply change their fingerprints or face if their biometric data is compromised. As a result, stolen biometric data has become a high-value target for attack.

Overall, biometrics provide high security and are extremely hard to fake. However, many biometric gadgets sold on the internet have had problems with false positives. Still, with biometrics there is no password to remember and there are no extra steps for the user. Just remember: biometrics are only secure if they are stored locally and protected by a TPM or secure enclave.

Speaking of security strengths, time-based one-time passwords only offer a medium level of security. However, they are still a great way to pad your account with extra security, and they offer some neat benefits. For example, time-based one-time passcodes expire after a short period of time, which enhances your security. Still, it is noteworthy that time-based one-time passwords are vulnerable to SIM hijacking, malware, and notification flooding attacks.
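The expiry behaviour described above, as an added example that is not part of the original article: a minimal RFC 6238 time-based one-time password generator and verifier in Python, run against the RFC's published test secret. The function names and the `window` parameter are illustrative assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds a code stays valid (RFC 6238 default time step)
RFC_SECRET = b"12345678901234567890"  # published RFC 6238 SHA-1 test secret


def totp(secret: bytes, unix_time: int, digits: int = 6, step: int = STEP) -> str:
    """Return the RFC 6238 (HMAC-SHA1) code for the time step containing unix_time."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, now: int, window: int = 1,
           digits: int = 6, step: int = STEP) -> bool:
    """Accept a code from the current step or up to `window` steps either side.

    A wider window tolerates clock drift but lengthens the time a captured
    code stays usable. A production verifier would also remember the last
    accepted step so a code cannot be replayed (not shown here).
    """
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret, now + drift * step, digits, step)
        # Constant-time comparison; do not exit the loop early on a match.
        ok |= hmac.compare_digest(expected, submitted)
    return ok


if __name__ == "__main__":
    issued_at = 1111111109            # timestamp taken from the RFC test vectors
    code = totp(RFC_SECRET, issued_at, digits=8)
    print("code issued:", code)
    for later in (0, 2, 60, 300):     # seconds after the code was issued
        accepted = verify(RFC_SECRET, code, issued_at + later, window=0, digits=8)
        print(f"+{later:>3}s accepted: {accepted}")
```

With `window=0` the code stops verifying as soon as the clock crosses into the next 30-second step, which here happens two seconds after it was issued.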

Instances such as these go on and on. In this day and age, breaches will only increase. Most likely, this will last until we change our approach to online authentication. A great way to start would be to change any passwords you’ve recycled from another website.

In 2019, there were 157,525 security incidents and 3,950 confirmed data breaches. When your user authentication isn't secure, cybercriminals can bypass the system more easily. Once this happens, they can take whatever information of yours they want.

The future of authentication may be passwordless, but until then, remember to stay protected. How secure are your authentication methods?


Brian Wallace is the Founder and President of NowSourcing, an industry-leading infographic design agency based in Louisville, KY and Cincinnati, OH, which works with companies that range from startups to Fortune 500s. Brian also runs #LinkedInLocal events nationwide, hosts the Next Action Podcast, has been named a Google Small Business Advisor for 2016-present, and joined the SXSW Advisory Board in 2019. Follow Brian Wallace on LinkedIn as well as Twitter.