Posted On: October 10, 2017
Written By: Starlink
Multi-factor authentication systems require that more than one factor be used to prove the identity of an online user. A typical second factor is an SMS code sent to the user's registered mobile number (often referred to as a one-time password). This widespread method, however, has proved to be critically vulnerable.
There are three categories of factors:
Online access via fingerprint?
A biometric security system can make the authentication process easier. But how does it work?
Your iPhone does not, by itself, grant you access to your bank account. Apple and the bank's systems operate entirely separately from each other. So how do you close the gap and allow a fingerprint to unlock your account? Identity software (an identity provider placed in front of the bank's login) enables the bank to accept authentication methods other than its one-time password generators.
Next, you download an app onto your mobile phone. Once the app is installed, you start the browser and access your banking website, and the identity provider runs a so-called "User-Driven Federation." This means that you first authenticate with your banking credentials in the authentication phase and then enter something like your mobile number. The bank's identity provider then sends an authentication request to your smartphone app, which asks for your fingerprint. You touch the sensor on your iPhone, and a response is sent back to the identity provider. And congratulations, you can now use your fingerprint instead of the token to authenticate to the bank.
Is this all biometric?
Looking at the process described above, one gets the impression that the fingerprint is the key that unlocks the door to the site. But this is wrong. In the above scenario, the fingerprint replaces a PIN code. In the app there is a private key (part of a PKI key pair), which cryptographically secures the response to the identity provider. This key can be protected by a PIN code, a fingerprint or face detection. This is the correct way to implement biometric authentication for online services: the biometric data never leaves the device.
Why biometric authentication?
Imagine an average user who is not necessarily familiar with security precautions. He trusts that the bank is taking care of them. What he is more interested in is whether a system is convenient and user-friendly.
We all agree that complex passwords which have to be changed every 90 days are a nightmare. And we can assume that one-time password tokens that generate 6-8 digit numbers are not always the most viable alternative in everyday life. Tokens, like other small things, tend to get lost and never turn up again.
If you can use a biometric system on a device you hold in your hand dozens of times a day (and not just since "Pokémon Go"), this is far more practical for authentication. Two-step verification of this kind is user-friendly and is highly valued.