Running a digital business is not easy in an era dominated by technology, with cyberattacks now a regular occurrence. Customers expect a seamless experience, yet every business also needs strong security, and in industries such as insurance, healthcare and banking, government regulation is a further consideration.
Under the combined pressure of regulation and security, many organisations have recognised that Multi-Factor Authentication (MFA) is crucial, as Bahaa Abdul Hadi notes. MFA asks the customer to demonstrate factors from three categories:
(i) Knowledge (for instance, passwords or secret questions)
(ii) Possession (for instance, token devices), and
(iii) Inherence (for instance, biometrics)
However, no two MFA deployments are alike: both the security and the convenience of the interaction depend on the details of the individual implementation. Of the three, inherence offers the best security and customer experience, while the knowledge factor offers the least security and causes the most customer frustration. That leaves the possession factors: are they both secure and convenient?
Soft Tokens – The Way Ahead
Before smartphones became dominant, companies relied on hardware ("hard") tokens such as RSA tokens for strong security. Such devices were expensive, and customers were frustrated at having to carry an extra device. Newer hardware tokens (for example, YubiKeys, which plug into a laptop's USB port) are an improvement, but they are still expensive.
Most organisations have moved away from this model because of the latest game-changer in MFA: "soft tokens", where your phone itself is the token. Smartphones are carried by virtually everyone and come with advanced security features. However, every soft token is different, and how this possession factor is implemented has a major impact on both usability and security. For example, it is well known that the least secure form is the one-time password (OTP) sent over SMS (Short Message Service, commonly called a text message).
To build much stronger phone-as-the-token security, you need to leverage the smartphone's built-in security capabilities. A smartphone can store cryptographic private keys in a secure container on the device, which lets you register the phone to your account with a unique public-private key pair. You can also use the phone's biometric sensors, such as the microphone, fingerprint reader and camera, so that the customer demonstrates possession and inherence at the same time.
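As an added example, not code from the original post, here is a small Go program showing the phone-as-the-token registration and login flow described above: the key pair is generated on the phone, only the public key is enrolled with the account, and at login the server issues a random challenge that the phone signs with the private key that never left the device. The server discards each challenge once it has been checked, so a captured response cannot be replayed. The in-memory Ed25519 key, the account name "alice" and the Server type are constructed for this illustration and stand in for the phone's secure container and the real backend.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Server keeps, per account, the enrolled phone public key and the single
// challenge currently outstanding; the private key never leaves the phone.
type Server struct {
	enrolled   map[string]ed25519.PublicKey
	challenges map[string][]byte
}

func NewServer() *Server { return &Server{map[string]ed25519.PublicKey{}, map[string][]byte{}} }

func (s *Server) Enroll(account string, pub ed25519.PublicKey) { s.enrolled[account] = pub }

// Challenge issues a fresh 32-byte random nonce to sign, or nil if nothing is enrolled.
func (s *Server) Challenge(account string) []byte {
	if _, ok := s.enrolled[account]; !ok {
		return nil
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no usable randomness: refuse to issue a challenge
	}
	s.challenges[account] = nonce
	return nonce
}

// Verify checks the signature over the outstanding nonce, then discards that nonce so a replayed response fails.
func (s *Server) Verify(account string, nonce, sig []byte) bool {
	want, ok := s.challenges[account]
	if !ok || string(want) != string(nonce) {
		return false
	}
	delete(s.challenges, account)
	return ed25519.Verify(s.enrolled[account], nonce, sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // phone side; a real app keeps priv in the secure container
	srv := NewServer()
	srv.Enroll("alice", pub)
	nonce := srv.Challenge("alice")
	sig := ed25519.Sign(priv, nonce)
	fmt.Println(srv.Verify("alice", nonce, sig), srv.Verify("alice", nonce, sig)) // true false
}
```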
However, social engineering can today defeat almost any security measure, leaving customers and their data exposed. And with SMS-based methods in place, businesses are effectively outsourcing their security to mobile carriers, with no certainty about the carriers' own security systems.
Hard tokens are still used in high-security applications, but what matters is the balance between convenience, regulatory mandates and security. Phone-as-an-identity-token authentication ticks all three boxes while delivering a customer-friendly authentication experience.
Thank you for your interest in Bahaa Abdul Hadi's blogs. For more information, please stay tuned to www.bahaaabdulhadi.com