Thursday, March 28, 2024

How Selfie Authentication Process Improve the Security Along With Other Authentication Methods

Digital identity has two different domains – one is identity proofing and the other is authentication, where both have been unique to each other for many years.

Businesses have now utilized several identity proofing methods to distinguish users’ identities by having them visit their local branch office or provide proof of their identity and address.

However, as more people are now using the Internet and apps on their PC or mobile gadget for the modern enterprise, financial institution and banking service, they are progressively researching for online ways to identity proof new customers without seeing them in person. 

Using Identity Proofing Techniques

At times, businesses resort to online financial databases and credit bureaus to match identities using their customer’s name, address and social security number. In some cases, they utilize knowledge-based verification where users are asked multiple proofing questions, such as asking them their Zip codes on places they have lived for the past five years. Their response is then confirmed in public record databases.

However, modern technology has made this identity proofing technique futile as cybercriminals can purchase information easily on the Net or through social media.

More recently, these businesses have requested their online customers to capture a picture of their government-issued ID and a selfie using a PC webcam or smartphone. If they’re using a legitimate ID, the picture on the identification is compared to the selfie to ensure they’re dealing with the same individual.

Using Authentication Methods

The same business then uses a disparate set of authentication method to verify the person doing the transaction if he is the same one who created the online account. Aside from providing the username and password, they need online assurance to ensure the user is who they claim to be.

The authentication technique is focused on the following risk factors – logging in from a foreign IP address; resetting passwords; huge money or wire transfers; having several unsuccessful logins; requesting a change on authorized permissions; and, continuous security for ridesharing and delivery services, online test taking and car rentals. Businesses use different technologies to ensure authentication.

Overlapping Between These Two Technologies

Conventional online authentication is sacrificed due to a number of reasons:

  • Password logging in: Almost any account found on the Internet requires a username and password. However, passwords are easily forgotten, insecure and shared with other websites. Cybercriminals can easily hack them if they take information illegally.
  • Knowledge-based authentication: Customers are asked specific security questions to ensure accurate authorization for online and digital activities. However, large-scale data breaches are now offered for sale crooks can easily access.
  • Out-of-band authentication: The authentication process done here requires two variable signals from a different network or channel, like the SMS-based authentication. However, this method is vulnerable to phishing, keylogging and SMS-spoofing attacks.
  • Token-based authentication: This type of authentication uses software tokens kept in electronic devices such as PCs, laptops, tablets or smartphones. However, they entail more costs and the need for users to carry them wherever they go. One-time passwords are non-transferrable, so it should create problems when the device is lost, stolen or replaced.
  • Biometric Authentication: Here, the biological features of a certain individual is used to authenticate the account. However, crooks can do spoofing attacks to access privileges and rights.

Website

Latest articles

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles