In today’s online world of increasing digital crime, internet fraud and database breaches, businesses are left with the growing worry about protecting their online commerce and customers.
When authentication goes bad
For years, industry experts have warned that passwords do not provide strong enough security as a sole line of defense against the ever escalating cyber security threats designed to exploit vulnerabilities with stored authentication credentials.
Usernames and passwords have proven time and again to be a weak solution for authentication, and the databases where they are stored are a hacker’s dream come true. It is increasingly easy for cyber criminals to gain access to a business’s or user’s private data such as personal details, banking or financial information, and then to use that data to commit fraud, whilst damaging the business’s reputation in the process.
In recent years, the high profile smash and grab attacks on global cloud service providers have prompted the need and understanding for businesses to deploy stronger authentication. But getting the right balance between user friendliness and credible security is a key issue for any business needing to provide real secure authentication.
When authentication gets good
Fortunately, powerful technology solutions exist to supplement this need for usernames and passwords as a authentication method. Strong and two-factor authentication helps defeat hackers by requiring users to show at least two simultaneous but independent means of verifying their identities, in most common cases ‘something they know’ and ‘something they have’.
Strong authentication services in cloud and mobile technologies can now enable a new level of improved cyber security for businesses that passwords cannot compete with. Organizations can now verify online identities for customers, employees and partners with strong authentication delivered as a secure, scalable cloud-based service. These new tools offer organizations the flexibility to tailor strong authentication deployments to meet specific business or security needs in regulated and unregulated industries.
But security and operations owners must deal with the ever increasing and unpredictable demand to securely authenticate more internal, external and mobile users and devices and do so at the scale and speed of today’s mobile internet. So how does a business implement strong authentication seamlessly into their infrastructure without compromising security or the end user experience?
A new solution for Strong Authentication
MIRACL Trust® is a cloud-based security service that provides multi-factor authentication to enterprise employees, partners, and external users without sending authentication credentials across the web or storing them in the cloud in whole form. The service allow users to identify their identity to any web or mobile application, without actually revealing information that can be compromised.
The Tech City Bank (TCB) demo is an example of how a financial services organization can integrate MIRACL Trust® multi-factor authentication into their existing mobile and web applications while meeting the “strong authentication” requirement for PSD2. It provides an end-user scenario for downloading, activating and using MIRACL Trust® to securely authenticate both into a mobile application and into a web application (from the mobile app).
Note that the Tech City Bank demo site allows anyone to register and log in. In a real world scenario, such a site would typically also perform a user authorization process prior to online registration, and would then only allow known users to log in.
What you need to run the TCB demo:
- A smartphone (to run an Android or iPhone app)
- A computer (to open a web page with a browser)
- A working email address
- Five minutes