Two-factor authentication is a security mechanism that has grown more prevalent as data breaches become commonplace. It involves logging into a system using "something you know" and "something you have."
The most familiar example of this is an RSA security token, which displays a code that changes periodically. Users enter a PIN or password followed by that code to gain access to a system. Another type of two-factor authentication involves a system sending you a text message with a code you need to enter to access your account.
While this provides stronger security than using either the password or the token alone to connect to a system, it isn't foolproof. Anyone foolish enough to write their PIN or password down can be easily compromised if the token is lost or stolen. Plus, it's time-consuming to manually log into systems, and "fat fingering" entry codes or PINs/passwords often leads to user frustration.
A new form of authentication
Direct Autonomous Authentication (DAA) is a new form of authentication pioneered by mobile security firm Averon. I spoke with Averon CEO Wendell Brown to find out more about the topic.
Scott Matteson: How does DAA work?
Wendell Brown: DAA technology makes it possible to identify yourself via your phone in real-time via mobile carrier data packets. There is no user effort involved and no apps to install.
DAA is a turnkey API solution that provides instant and frictionless authentication of mobile users via GSM carrier network signaling and the SIM/eSIM technology already contained in every smartphone worldwide. DAA identifies the source mobile device from which data packets originate, leveraging the inherently ultra-secure carrier networks to provide lightning fast and extremely easy mobile user authentication.
Scott Matteson: How is DAA more secure than traditional multi-factor authentication?
Wendell Brown: Convenience and security have traditionally been at odds, but we've solved this dilemma with security that is effortless for users and therefore widely adoptable. As the world is painfully aware, legacy multi-factor authentication methods such as SMS, app downloads, email codes, and passwords are both a nuisance and hackable. SMS was never designed for security applications and therefore is inherently insecure.
Our technology is superior to traditional authentication methods, such as SMS two-factor authentication (2FA), in that our patented DAA methods replace non-secure legacy methods to bypass the danger of password hacks, to reduce fraud, and to seamlessly and securely manage user access.
While security is a major concern for mobile users, most people won't wait more than four seconds for a page to load to authenticate them. Yet it takes most 2FA methods more than 16 seconds to complete. With DAA technology, authentication takes only milliseconds, is hassle-free and ultra-secure.
DAA seamlessly integrates to decrease friction and increase security in mobile payments, blockchain transactions, credit card purchases, and more. It also works invisibly in the background for an easier, faster and more secure user experience. Plus it secures user logins from password hacks and instantly detects fraud at checkout.
Scott Matteson: How does one guarantee that their phone can't be used maliciously if it ends up lost or stolen?
Wendell Brown: Traditional mobile security strategies solve that problem here. Users—whether in the consumer or business realm—should always secure their mobile devices with a strong password or biometric security lock. Devices should be set to auto-erase after a certain number of failed authentication attempts; ten is probably a reasonable number.
Always use encryption when storing data on external media such as a micro-SD card (if applicable). Leverage solutions like "Find my iPhone" or "Find my Android" to quickly locate missing devices, or if all else fails, to remotely wipe them to erase contents.
Scott Matteson: Can you elaborate on how you are integrating DAA into other technologies?
Wendell Brown: Averon provides authentication solutions for many verticals including e-commerce, fintech, blockchain, smart devices and vehicles, and IoT. Through Averon's solutions, forms can be auto-filled to complete a purchase, fraudulent activity can be eliminated for credit card transactions online, blockchain-related transactions are strengthened, smart cars and devices can be authenticated, and government's user and access management protocols for mission-critical applications and sensitive data can be secured. In addition, DAA integrates with MDM solutions.
Scott Matteson: What are some examples of consumer/business usage of DAA?
Wendell Brown: For consumer use, DAA eliminates the outdated method of verification codes to confirm that a person is who they say they are when purchasing goods or logging into an online account. In our new connected world, DAA secures access to digital locks for home, auto, and tech including front doors, routers, and connected cards. For enterprise systems, DAA authenticates employees accessing secure data and applications in sensitive databases. We're now integrating our technology beyond consumer mobile devices, like mobile phones and tablets, and into the connectivity space, with smart cars, smart homes, e-commerce, fintech, and blockchain systems. This positions Averon as the first identity authentication provider to solve challenges for both wireless and wired networks.
Scott Matteson is a senior systems administrator and freelance technical writer who also performs consulting work for small organizations. He resides in the Greater Boston area with his wife and three children.