A Brief Look at User Authentication Techniques

Generic placeholder image
Carl Niedbala

COO & Co-Founder


 

Almost every client we work with stores or uses some sort of Personal Identifiable Information (“PII”).  This probably reflects our apparent desire to have seamless/uber equivalents for literally every possible purchase of goods and services.  In any case, there’s a lot of personal data floating around the interwebs these days.  That should make security and user authentication techniques a priority for any tech company considering there’s roughly $560 Million in consumer internet fraud each year, some of which is recovered through class action suits against companies.  So what’s been going on in the authentication space? Here are a couple updates:

CAPTCHA

When I thought about writing this post, the first thing that came to mind was to look up stats on CAPTCHA use.  It’s sort of the ubiquitous authentication solution and its used by huge companies everywhere.  To me, CAPTCHA is synonymous with making a purchase on the Ticketmaster site, for example.

One company is working on a new technology that seems to ensure CAPTCHA is on its way out sooner than later.  San Francisco-based Vicarious is that company.  What they’re doing is taking the concept of machine learning and applying it in a more human-like fashion.  Instead of thousands of data points, their program needs only 10 to effectively learn, say, the general shape of a letter.  It’s even able to recognize shapes in picture format (i.e. the letters of a CAPTCHA).  Vicarious may or may not be the ones to eventually put machine learning on parity with that of humans, but we’re headed that way.

SMS

CAPTCHA’s been around for what seems like forever, but there are new players in the space these days.  One that’s gaining a ton of popularity is the two-factor authentication test using SMS.  For example, Facebook and Google started using this method within the last few months.If you’ve never seen this before, it works by sending you a text when you log into your account from a new location or device.  You type the code from the text into the appropriate field, and voila! You’re in.

It’s easy to understand why SMS-based authentication is gaining steam: multiple layers of authentication less a terribly intrusive or annoying user experience.  User’s don’t have to flip back and forth between their browser and email client to get the job done.  No need to leave the authentication page!

This method is a marked improvement from the CAPTCHA method…or is it?  Multiple layers of authentication means more security, but it also means a more complex system must be in place to process each layer.  As any product guy will tell you, the more moving parts, the more things that can break.  The situation is no different here.

Another potential issue with this method is that it creates the potential for multiple points of attack.  There’s now valuable information being pushed to multiple devices.  As SMS-based authentication use expands it’ll be interesting to monitor how the hacking landscape skews (if at all) towards mobile attacks.

That’s just a quick look at some of the most commonly used authentication techniques.  Regardless of what methods are used, there’s always a chance your company will be sued for data breach (whether or not it’s even your fault!).  And until some utopian society exists where these techniques and all security measures are perfected, you can take solace in the fact that you’re covered with a good cyber liability policy…

Interested in figuring out what a good cyber liability policy for you might look like? Give us a ring at 6468541058 or shoot an email to info@foundershield.com and we’ll be happy to chat!

Related Articles

unicorn_companies_vs_zebra_companies
March 9 • Risk Management Tips

Unicorn Companies Vs. Zebra Companies: Which Is Better?

Comparing companies to unique animals is nothing new. Wolves, bulls, bears, lobsters, sharks, and porcupines are only a few creatures that often represent market terms or even company characteristics. Since the topic of unicorn companies vs. unicorn companies is buzzing in professional circles, we’re going to break down what these businesses honestly are. Here’s a

business_risks
February 24 • Risk Management Tips

How to Identify and Manage Your Particular Business Risks

No matter the size of your company, knowing your particular business risks is crucial. Some vulnerabilities are too big to ignore, potentially causing your company significant loss or setbacks. As we frequently advise, purchasing a general liability (GL) policy works tremendously as the foundation to a robust risk management plan. But what about the other

commercial-insurance-costs
January 12 • Risk Management Tips

7 Bad Practices That Hike Your Commercial Insurance Costs

It might seem like a chore to keep your commercial insurance costs low. Here are some pitfalls to avoid that will help maintain your budget-friendly goal.

December 30 • Risk Management Tips

IPO Insights: 7 Considerations for Late-Stage Companies

Preparing for an IPO can seem like a daunting task for late-stage companies — but it doesn’t have to be. Considering these tips will make the process more manageable.

insurable risk
December 8 • Risk Management Tips

What Is an Insurable Risk?

Identifying an insurable risk from an uninsurable risk is tricky. Here’s a closer look at how insurers categorize specific exposures.

tech_companys_mistakes
December 1 • Risk Management Tips

6 Big Tech Company’s Mistakes We Won’t Forget Soon

Errors, faux pas, mishaps; it’s only natural to expect them in our everyday lives. In the business world, however, these incidences make a much larger splash. The ripple effect is often devastating — and unforgettable. This post examines six mistakes that famous tech companies made and the lessons we can learn from their blunders. 1.