Challenge: How do you identify someone?

Two-factor authentication with username and password is vulnerable. The solution is to combine different authentication methods.

At the end of the Odyssey, Homer applies what may well be one of the earliest examples of multi-factor authentication: the hero, returning home after 20 years, is tested by his wife Penelope in two ways before she believes that he really is her missing husband – is he strong enough to string his mighty bow, and does he know why the marital bed is built immovably around a tree? Two out of three factors of authentication are applied here: “something that you are” and “something that you know”. The legend shows a problem that is also important in biometric authentication: How do you recognize a person who naturally changes a little every day? The solution is multi-factor recognition.

How do you design a system that ideally combines the aspects of security with user friendliness?

Replacing one kind of authentication, such as username and password, with another is not the answer. Neither iris nor vein scan, nor voice recognition, nor any other method alone will solve the problem. Rather, a sophisticated system has to verify the identity of the user. This system is the basis for a combination of different authentication methods.

To do this, specialized partners need to work together to combine best-of-breed authentication components. As a side effect, successfully implemented multi-factor authentication also fulfills the Strong Customer Authentication (SCA) requirements of PSD2.

Main features

At the beginning of its service, the system needs to get to know the user in all relevant dimensions: the user’s personal and contact data, the equipment, services and service platforms he or she uses, and also the necessary biometric data such as physiognomy and typing pattern, voice, vein or iris pattern. Furthermore, the system cannot freeze at the level it once learned; it needs to update its recognition patterns regularly.

Not every occasion requires the same degree of security. The system should choose the “level of assurance”, i.e., the required level of authentication, based on risk. The system should be equally adaptive in case of deviations from the stored authentication patterns. If the voice recognition fails because of a cold, this is no reason for an alarm. But if someone tries to log on from an unknown terminal at an unusual time at a distant place, the failure of the voice recognition is a very good reason to ask for further evidence of identity.

The more features differ from the known patterns during an attempted authentication, the more suspicious the system becomes, and the more stringent the criteria it should apply. If the “risk score” reaches a certain level, the system should check immediately whether a fraud attempt is behind the observed irregularity and, if that is the case, prevent access.
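The risk-based decision described in the two paragraphs above, as an added example that is not part of the original article or of any product it mentions. The signal names, weights and thresholds are constructed assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Constructed weights: how strongly each deviation from the stored
# pattern raises the risk score (illustrative values, not from the article).
WEIGHTS = {
    "voice_mismatch": 20,
    "unknown_device": 25,
    "unusual_time": 15,
    "distant_location": 25,
    "extra_evidence_failed": 40,  # the requested further evidence also deviated
}
# Score at which further evidence of identity is requested, per level of
# assurance: a higher assurance level tolerates less deviation.
STEP_UP_AT = {"low": 50, "medium": 30, "high": 15}
# Score at which the attempt is treated as possible fraud and refused.
BLOCK_AT = 100


@dataclass(frozen=True)
class Attempt:
    """Deviations observed during one authentication attempt."""
    voice_mismatch: bool = False
    unknown_device: bool = False
    unusual_time: bool = False
    distant_location: bool = False
    extra_evidence_failed: bool = False


def risk_score(attempt: Attempt) -> int:
    """Sum the weights of every signal that deviates from the known pattern."""
    return sum(w for name, w in WEIGHTS.items() if getattr(attempt, name))


def decide(attempt: Attempt, assurance: str) -> str:
    """Return 'allow', 'step_up' or 'block' for the requested assurance level."""
    if assurance not in STEP_UP_AT:
        raise ValueError(f"unknown level of assurance: {assurance!r}")
    score = risk_score(attempt)
    if score >= BLOCK_AT:
        return "block"
    if score >= STEP_UP_AT[assurance]:
        return "step_up"
    return "allow"
```

With these values, a voice mismatch on its own passes a low-assurance login, while the same mismatch combined with an unknown device, unusual time and distant location triggers a request for further evidence.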

Cumbersome safety measures induce the user to avoid them. Many biometric methods such as facial recognition or analysis of typing behavior require very little active human involvement and are therefore suitable for everyday authentication and mobile security.

Because the digital identity is so important, the user must know whether and when it is used and for what purpose. Similarly, the data used for authentication must be secure, and access to it must be clearly regulated and transparent.

This combination of context-based, multi-factor authentication, the intelligent detection of deviations and the reaction to them is offered by the NEVIS Security Suite. It combines best-of-breed expertise from technology partners such as Behaviosec.
