Best Reviews logo
Best Reviews may receive compensation for its content through paid collaborations. See how we sustain our work & review products.
The Challenges of Getting the Authentication Right

The Challenges of Getting the Authentication Right

By István F. István F. Verified by Adam B. Adam B. Last updated: July 17, 2024 (0)

Although it was expected to happen years ago, the death of the password is still nothing more than a rumor. Passwords and passcodes are still pivotal elements of user authentication, so the question is not whether passwords will stick around but instead how service providers can get authentication right.

The three factors of authentication

The first step in controlling access is the identification of the user, then followed by authentication. There are three common factors used in this process:

  • Something you know (the password).
  • Something you have (such as a smart card or tokens).
  • Something you are (biometrics).

As the number of online services and billions spent on online shopping grows, so too does the number of data breaches. Record-breaking breaches have become possible because of the vulnerabilities present in various technologies used in the authentication process. Authentication is accomplished differently in each different industry: web services usually require only an email and a password, but security becomes a high priority for both the consumer and the service provider when dealing with sensitive data.

Using yesterday’s approach to security today

The problem with password-based authentication is the shared ‘secret’ that both the user and the service provider know, the hashed password that is stored online by the service provider. Cyber criminals have successfully launched attacks countless times against such credentials – you need only check the headlines regarding security breaches to see just how common it is. In most cases the whole attack starts with a phishing email, which targets the ‘human factor’ and tricks the user into giving their credentials to the attacker. Just consider the time when attackers hacked John Pondera’s Gmail account.

Such hacks allow cyber criminals to impersonate you on the service that they have used to scam you. The use of time-limited one-time six-digit passcodes doesn’t help as much as it should, despite them being a second layer of security used to validate the authenticity of the authenticating user.

Authenticator one-time code

The problem with one-time passcodes is that they act as a bridge between legacy and modern applications. By integrating one-time passwords into authentication, service providers increase the security of a legacy identification system. By doing so they hope to be both competitive and consumer friendly by providing secure services.

Thankfully technology has opened up new opportunities for service providers and made authentication a more convenient process for consumers. Yes, biometrics is the secure methodcurrently waiting for widespread adoption.

Offline or online authentication?

As a recent IBM study shows, the legacy authentication process is more appealing to older internet users. Millennials are accelerating the password-free era, as 75% are comfortable using biometrics compared to only 58% of those aged over 55.

Why Biometrics Cannot Replace Passwords

Still, biometric authentication can be done right and wrong. The wrong approach currently utilizes a system that involves an online database of stored biometric credentials of authenticated users. We’ve already seen how this could go wrong, as with the breach involving the 5.6 million fingerprints of the US Federal Government Office of Personnel Managementyears ago or the Philippine Commission on Elections hack, which exposed 15 million fingerprint records.

As this clearly shows, if there is an online database with such sensitive data stored on it, then it’ll represent a target for hackers.

The right approach is offline authentication, which is something that Apple is lobbying for with its Touch ID and Face ID biometric authentication systems. The catch is that the user data is stored securely on the device and never leaves it. This makes authentication more secure because it is only used offline, locally on the device and therefore doesn’t allow hackers to get in the middle since they can only successfully attack someone through online authentication.

In other words, the potential for a password-free future is there, but it needs the combination of public key cryptography in order to make it useful for online authentication. That’s what mobile wallets seek to do and, as of writing, they do it well: mobile wallets validate user identities locally and then send the OK message to the financial institution online using cryptography in order to hide the authentication and financial data – in this case the credit card data token – from any prying eyes.

But that’s currently limited to only a handful of services, which leaves the majority of us with these legacy authentication systems. So what can you do while waiting for such a password-free future? Use a password manager to strengthen your account security and enable two-factor authentication with every service that provides it.


Editor's choice
RoboForm logo
Editor's rating:
(4.5)
Effective security center
Passkey compatibility
Intuitive and organized interface
Affordable prices
Families
LastPass logo
Editor's rating:
(4)
Logical interface
Automated password categorization
Advanced mobile version
Various two-factor authentication options
Businesses
1Password logo
Editor's rating:
(4.5)
End-to-end encryption
Secure authentication method
Data breach alarms
One-time password support
Security features
Keeper logo
Editor's rating:
(4.5)
Robust security
Wide range of platform support
Affordable
Great customer support
Personal use
NordPass Personal logo
Editor's rating:
(4.5)
Strong security features
Effective password generator
Excellent free version
Attractive price
Password sharing
Dashlane logo
Editor's rating:
(4)
Password changer
Built-in VPN
Flawless data import
Thorough iOS/Android app
Local storage
Enpass logo
Editor's rating:
(4)
Packed with features
Free for desktop users
Offline password manager
End-to-end encryption
User Feedback

 Leave a reply

Your email address will not be published. Required fields are marked *


Latest Articles

Creating the Perfect Landing Page: A Beginner’s Guide
Even though we might not like it, first impressions are key. That’s why having a well-crafted landing page for your business is more than just having a pretty face on the web – it’s your ticket to ...
Read article
How To Master English Fluency: 10 Effective Tips and Tricks
When it comes to language learning, we often come across the word ‘fluency’. But what does it mean exactly? Simply put, fluency is the ability to articulate a message ...
Read article
4 Reasons To Choose CRM Software With AI
With the competition increasing, maintaining lasting customer relationships is more crucial than ever. Customer relationship management (CRM) systems have long been the backbone of most businesses’ effective interaction management, helping them streamline processes, improve satisfaction, and boost sales
Read article

Best Reviews

Best Reviews may receive compensation for its content through paid collaborations and/or affiliate links. Learn more about how we sustain our work and review products.

©2012-2024 Best Reviews, a clovio brand – All rights reserved
Privacy policy · Cookie policy · Terms of use · Partnerships · Contact us