Challenge: How do you identify someone?
Two-factor authentication with username and password is vulnerable. The solution is to combine different authentication methods.
At the end of the Odyssey Homer applies what may well be one of the earliest examples of multi-factor authentication: The hero, returning home after 20 years, is tested by his wife Penelope in two ways before she believes that he really is her missing husband – is he strong enough to string his mighty bow, and does he know why the marital bed is built immovably around a tree? Two out of three factors of authentication are applied here: “something that you are” and ” something that you know”. The legend shows a problem which is also important in biometric authentication: How do you recognize a person which naturally changes a little every day? The solution is multi factor recognition.
How do you design a system that ideally combines the aspects of security with user friendliness?
To replace one kind of authentication, such as username and password, with another is not the answer. Neither iris or vein scan, nor voice recognition, nor any other method alone will solve the problem. Rather, a sophisticated system has to verify the identity of the user. This system is the basis for a combination of different authentication methods.
To do this, specialized partners need to work together to combine best-of-breed authentication components. As a side effect, successfully implemented multi factor authentication also fulfills the Strong Customer Authentication (SCA) requirements of PSD2.