To add additional security around user authentication, many organisations have adopted 2FA (2-Factor-Authentication) to deliver strong authentication for user access. 2FA solutions are available in many formats, from physical tokens to soft tokens (apps on mobile phones), to sending SMS or calling a user to deliver an automated code.
2FA by definition, requires 2 factors. The first factor is the token, the key-fob, calculator type device, a phone to receive SMS or call on which creates or receives a unique OTP (One Time Password), typically a six-digit number that changes every minute of every day.
The second factor is a PIN code, a secret that the user creates when first enrolling for a service. The combination of PIN+OTP complements a user password and provides greater levels of security for organisations for user access.
Well.. We're All Human.
There are a number of challenges with this legacy approach to user authentication.
Firstly, 2FA solutions, do not prove identity of a user, it proves an individual has sufficient knowledge and access to tokens to be able to authenticate.
Secondly, legacy 2FA solutions are a cumbersome user experience, the token has little value if a user cannot remember their password and is prone to user error through mistyped codes.
Additionally, hardware tokens are expensive and have logistical challenges for replacing lost or stolen devices. Coupled with the challenge of forgotten passwords and the reset process users have to endure.
The introduction of biometric sensors on smartphone technology back in 2013 has provided an exceptional user experience to unlock a smartphone with “who you are”. Using your fingerprint or face to unlock your phone and get password-free access to your mobile applications, provides exceptional user experience and increased security for users.
Veridium have taken this tried and proven methodology for mobile phone access and extended the capability to use a mobile phone to assert your digital identity beyond the phone. Veridium provide solutions to deliver password-less, strong multifactor authentication into virtually any application or service, replacing legacy token technology and eliminating the password.
Single Platform for Enterprise Passwordless
Removing the password actually increases security for organisations by eliminating the capability to share credentials or perform brute force attacks on infrastructure, additionally phishing emails are irrelevant since the user has no password to replay to the attack.
By definition, Veridium deliver strong authentication, eliminating the requirement for token (OTP) technology, delivering increased security at a lower operational cost for organisations than traditional token and password authentication solutions.