Monday, October 7, 2024
HomeComputer SecurityHow Selfie Authentication Process Improve the Security Along With Other Authentication...

How Selfie Authentication Process Improve the Security Along With Other Authentication Methods

Published on

Digital identity has two different domains – one is identity proofing and the other is authentication, where both have been unique to each other for many years.

Businesses have now utilized several identity proofing methods to distinguish users’ identities by having them visit their local branch office or provide proof of their identity and address.

However, as more people are now using the Internet and apps on their PC or mobile gadget for the modern enterprise, financial institution and banking service, they are progressively researching for online ways to identity proof new customers without seeing them in person. 

- Advertisement - EHA

Using Identity Proofing Techniques

At times, businesses resort to online financial databases and credit bureaus to match identities using their customer’s name, address and social security number. In some cases, they utilize knowledge-based verification where users are asked multiple proofing questions, such as asking them their Zip codes on places they have lived for the past five years. Their response is then confirmed in public record databases.

However, modern technology has made this identity proofing technique futile as cybercriminals can purchase information easily on the Net or through social media.

More recently, these businesses have requested their online customers to capture a picture of their government-issued ID and a selfie using a PC webcam or smartphone. If they’re using a legitimate ID, the picture on the identification is compared to the selfie to ensure they’re dealing with the same individual.

Using Authentication Methods

The same business then uses a disparate set of authentication method to verify the person doing the transaction if he is the same one who created the online account. Aside from providing the username and password, they need online assurance to ensure the user is who they claim to be.

The authentication technique is focused on the following risk factors – logging in from a foreign IP address; resetting passwords; huge money or wire transfers; having several unsuccessful logins; requesting a change on authorized permissions; and, continuous security for ridesharing and delivery services, online test taking and car rentals. Businesses use different technologies to ensure authentication.

Overlapping Between These Two Technologies

Conventional online authentication is sacrificed due to a number of reasons:

  • Password logging in: Almost any account found on the Internet requires a username and password. However, passwords are easily forgotten, insecure and shared with other websites. Cybercriminals can easily hack them if they take information illegally.
  • Knowledge-based authentication: Customers are asked specific security questions to ensure accurate authorization for online and digital activities. However, large-scale data breaches are now offered for sale crooks can easily access.
  • Out-of-band authentication: The authentication process done here requires two variable signals from a different network or channel, like the SMS-based authentication. However, this method is vulnerable to phishing, keylogging and SMS-spoofing attacks.
  • Token-based authentication: This type of authentication uses software tokens kept in electronic devices such as PCs, laptops, tablets or smartphones. However, they entail more costs and the need for users to carry them wherever they go. One-time passwords are non-transferrable, so it should create problems when the device is lost, stolen or replaced.
  • Biometric Authentication: Here, the biological features of a certain individual is used to authenticate the account. However, crooks can do spoofing attacks to access privileges and rights.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Chinese Group Hacked US Court Wiretap Systems

Chinese hackers have infiltrated the networks of major U.S. broadband providers, gaining access to...

19.6K+ Public Zimbra Installations Vulnerable to Code Execution Attacks – CVE-2024-45519

A critical vulnerability in Zimbra's postjournal service, identified as CVE-2024-45519, has left over 19,600...

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Digital Wallets Bypassed To Allow Purchase With Stolen Cards

Digital wallets enable users to securely store their financial information on smart devices and...

Best SIEM Tools List For SOC Team – 2024

The Best SIEM tools for you will depend on your specific requirements, budget, and...

AeroNet Wireless Launches 10Gbps Internet Plan: A Landmark Moment in Puerto Rico’s Telecommunications Industry

The telecom company AeroNet Wireless announced the launch of its new 10Gbps speed Internet...