Tuesday, March 19, 2024

How Selfie Authentication Process Improve the Security Along With Other Authentication Methods

Digital identity has two different domains – one is identity proofing and the other is authentication, where both have been unique to each other for many years.

Businesses have now utilized several identity proofing methods to distinguish users’ identities by having them visit their local branch office or provide proof of their identity and address.

However, as more people are now using the Internet and apps on their PC or mobile gadget for the modern enterprise, financial institution and banking service, they are progressively researching for online ways to identity proof new customers without seeing them in person. 

Using Identity Proofing Techniques

At times, businesses resort to online financial databases and credit bureaus to match identities using their customer’s name, address and social security number. In some cases, they utilize knowledge-based verification where users are asked multiple proofing questions, such as asking them their Zip codes on places they have lived for the past five years. Their response is then confirmed in public record databases.

However, modern technology has made this identity proofing technique futile as cybercriminals can purchase information easily on the Net or through social media.

More recently, these businesses have requested their online customers to capture a picture of their government-issued ID and a selfie using a PC webcam or smartphone. If they’re using a legitimate ID, the picture on the identification is compared to the selfie to ensure they’re dealing with the same individual.

Using Authentication Methods

The same business then uses a disparate set of authentication method to verify the person doing the transaction if he is the same one who created the online account. Aside from providing the username and password, they need online assurance to ensure the user is who they claim to be.

The authentication technique is focused on the following risk factors – logging in from a foreign IP address; resetting passwords; huge money or wire transfers; having several unsuccessful logins; requesting a change on authorized permissions; and, continuous security for ridesharing and delivery services, online test taking and car rentals. Businesses use different technologies to ensure authentication.

Overlapping Between These Two Technologies

Conventional online authentication is sacrificed due to a number of reasons:

  • Password logging in: Almost any account found on the Internet requires a username and password. However, passwords are easily forgotten, insecure and shared with other websites. Cybercriminals can easily hack them if they take information illegally.
  • Knowledge-based authentication: Customers are asked specific security questions to ensure accurate authorization for online and digital activities. However, large-scale data breaches are now offered for sale crooks can easily access.
  • Out-of-band authentication: The authentication process done here requires two variable signals from a different network or channel, like the SMS-based authentication. However, this method is vulnerable to phishing, keylogging and SMS-spoofing attacks.
  • Token-based authentication: This type of authentication uses software tokens kept in electronic devices such as PCs, laptops, tablets or smartphones. However, they entail more costs and the need for users to carry them wherever they go. One-time passwords are non-transferrable, so it should create problems when the device is lost, stolen or replaced.
  • Biometric Authentication: Here, the biological features of a certain individual is used to authenticate the account. However, crooks can do spoofing attacks to access privileges and rights.

Website

Latest articles

Mintlify Data Breach Exposes Customer GitHub Tokens

A renowned software documentation platform has confirmed a security breach that led to the...

900+ websites Exposing 10M+ Passwords: Most in Plaintext

Over 900 websites inadvertently expose over 10 million passwords, many of which are in...

Hackers Exploiting Microsoft Office Templates to Execute Malicious Code

In a cyberattack campaign dubbed "PhantomBlu," hundreds of employees across various US-based organizations were...

How ANY.RUN Malware Sandbox Process IOCs for Threat Intelligence Lookup?

The database includes indicators of compromise (IOCs) and relationships between different artifacts observed within...

CryptoWire Ransomware Attacking Abuses Schedule Task To maintain Persistence

AhnLab security researchers detected a resurgence of CryptoWire, a ransomware strain originally prevalent in...

E-Root Admin Sentenced to 42 Months in Prison for Selling 350,000 Credentials

Tampa, FL – In a significant crackdown on cybercrime, Sandu Boris Diaconu, a 31-year-old...

WhiteSnake Stealer Checks for Mutex & VM Function Before Execution

A new variant of the WhiteSnake Stealer, a formidable malware that has been updated...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles