September 9, 2019

What's Better Than 2FA?

Authentication in the digital world is a tricky business. While everyone realizes that their username/password combination is most probably long since compromised, very few are willing to take the steps necessary to implement two-factor authentication (2FA) for a myriad of reasons.

2 Factor Authentication Revisited

By way of reminder, SearchSecurity describes two-factor authentication (2FA) as:

“Two-factor authentication (2FA), sometimes referred to as two-step verification or dual factor authentication, is a security process in which the user provides two different authentication factors to verify themselves to better protect both the user's credentials and the resources the user can access. Two-factor authentication provides a higher level of assurance than authentication methods that depend on single-factor authentication (SFA), in which the user provides only one factor -- typically a password or passcode. Two-factor authentication methods rely on users providing a password as well as a second factor, usually either a security token or a biometric factor like a fingerprint or facial scan.”

With all of the press on identity breaches, you would think that everyone would want to enable 2FA immediately, correct? Wrong!  According to a TechRepublic article titled “Have tech companies taken two-factor authentication too far?

“Apple is facing a lawsuit from an aggrieved user claiming that  two-factor authentication (2FA) is a "waste of their personal time" for performing additional steps to log in, according to MacRumors. The complaint alleges that use of 2FA requires "an additional estimated 2-5 or more minutes," and that 2FA cannot be disabled after it has been enabled for two weeks.”

Yes, it takes longer, but nothing exceeds like excess, so as you can imagine, a number of security aficionados believing that if two-factors are safer than just one, then going beyond just two factors of authentication and moving into three, four or even more will increase security proportionately.

Multifactor Authentication With More Than Two Factors

How Much Is Too Much Authentication? Most companies have already adopted some form of two-factor authentication and already the user community is pushing back. The added requirements of PINs or biometric scans has shown to be time consuming and not completely as fool-proof as expected. The drive is to improve security so it stands to reason that more factors will equate to more security.

If 2 factors authentication is more secure than 1 factor (password only), then 3 is even more secure than 2 and so on. To drive home this point at Saturday Night Live-level extremes we launched a new 11-Factor Authentication solution to showcase the absurdity of this approach.

The headline of this new app describes itself as:

The most secure, friction-filled password manager of all time.

11 Factor remembers all your passwords for you, and then makes it basically impossible for anyone (including you) to retrieve them.

See how far you can go into the ll-factor authentication challenge and then step back for the real questions that come to mind, which are:

  • How many factors are required to absolutely and beyond all shadow of doubt be truly be secure when authenticated a user to an information resource?
  • At what point will the user community revolt and decide that they cannot take it any longer?

The best of both worlds can only be an infinite-level MFA solution that has absolutely no drag, or perhaps a new approach that continuously authenticates every user with an immutable identity approach.

Continuous Behavioral Authentication

Acceptto was the first to understand, develop and deliver continuous authentication. Our company was built on the foundation that the only way to ensure digital credentials are being used only by the person who those credentials represent and not some imposter or someone hijacking a device correctly authenticated by that person. More importantly we recognized that the only immutable credential would have to be based on the unique behaviors of each individual.

Acceptto’s eGuardian engine continuously creates, and monitors user behavior profiles based on the user interaction with the It’sMe authenticator. Every time an activity occurs, actionable intelligence is gathered and used to optimize the user profile. eGuardian is capable of autonomously and continually learning new policies and adapting existing ones. While policies can still be manually defined and contribute to the computation, our Biobehavioral AIML approach automatically finds the optimal policy for each transaction. eGuardian leverages a mixture of AI & ML, expert systems and SMEs to classify, detect, and model behavior, and assign real-time risk scores to continuously validate your identity prior to, during and post-authentication.

Download the Intellyx’s whitepaper titled  App Authentication Evolves in a World of Compromised Credentials today and then check out what Acceptto can do to ensure your employees, partners and customers can authenticate without passwords and still ensure security and privacy registering for a free demo today.

Download Intellyx Whitepaper

continuous authentication 2fa two factor authentication