According to the Digital Shadows analytical center, more than 15 billion pieces of stolen personal data were sold on the black Internet market in 2020.
These are passwords and logins for online banking, music streaming services, e-mail, social networks. A study by Microsoft found that in more than 99.9% of cases, users could avoid leaking their data if they were more responsible with online authentication.
Authentication vs identification vs authorization
What is online authentication? It is the procedure that confirms your identity, for example when the program compares the entered password with the password stored in the database. Authentication is the second step in logging in to your account. It is preceded by identification, the verification of your login: the system asks for a login, you specify it, and the system recognizes the login as available. The third stage is authorization, which gives you the right to perform certain actions. For example, when you access email, you can manage your messages.
Authentication is required to protect personal data. It is probably the most important of the three steps above in terms of account security. It deserves due attention because online, as in real life, there are many who want to get access codes, hack the account, and withdraw money from it. Many technical means and methods of fraud have already been invented to do this. Those who cooperate with companies and work with their data should be especially responsible for the protection of information: in the event of a leak, not only you but also the company are at risk.
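The three stages described above, as an added example that is not part of the original article. The account names, passwords, permission strings, the PBKDF2 work factor and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)

def derive(password: str, salt: bytes) -> bytes:
    """Slow, salted hash: the database stores this, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_user(password: str, permissions: set) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "verifier": derive(password, salt),
            "permissions": permissions}

# Constructed sample accounts; logins, passwords and permissions are hypothetical.
USERS = {
    "alice": make_user("correct horse battery staple", {"mail:read", "mail:send"}),
    "bob": make_user("another long passphrase", {"mail:read"}),
}
DUMMY = make_user(os.urandom(16).hex(), set())  # stand-in for unknown logins

def identify(login: str):
    """Stage 1, identification: is this login known to the system?"""
    return USERS.get(login)

def authenticate(user: dict, password: str) -> bool:
    """Stage 2, authentication: does the password match the stored verifier?"""
    return hmac.compare_digest(derive(password, user["salt"]), user["verifier"])

def authorize(user: dict, action: str) -> bool:
    """Stage 3, authorization: may this user perform the requested action?"""
    return action in user["permissions"]

def handle_request(login: str, password: str, action: str) -> str:
    user = identify(login)
    # Hash even for an unknown login, so that neither the reply text nor an
    # obvious difference in response time shows which logins exist.
    password_ok = authenticate(user or DUMMY, password)
    if user is None or not password_ok:
        return "login failed"
    return "allowed" if authorize(user, action) else "forbidden"
```

An unknown login and a wrong password produce the same answer, while a correct password with an action outside the user's permissions is rejected at the authorization stage.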
Types of authentication: single-factor and multi-factor
First, let’s understand what a factor is. Strictly speaking, it is an information tool with which you authenticate. The factors are divided into:
• unique knowledge (password, code word, or numeric code that arrives by SMS);
• unique device or file (card, intercom key, key for accessing a company’s online banking, electronic signature);
• unique biometric data (voice, fingerprints, retina).
As the names suggest, one-factor authentication uses a factor of one kind, whereas multifactor authentication uses two or three (for example, a password + an electronic signature + a fingerprint). The more authentication factors used, the more reliable it is.
Authentication can be one-factor or multi-factor (usually two-factor). There are three types of factors:
• unique knowledge (code, password, code word, etc.);
• unique device (token, electronic signature, certificate, etc.);
• unique biometric characteristics (fingerprints, facial features, retinal pattern, etc.).
Thus, one-factor authentication uses a factor of one type, and multifactor authentication uses two or three. The most common authentication factors are unique knowledge (passwords and digital code combinations), tokens, and biometrics. Let’s deal with each separately.
Unique knowledge. Passwords
In 2020, Cybersecurity Ventures published a study stating that every online user has 25 to 36 passwords for authentication. Of course, it’s impossible to remember so many different passwords, so people choose passwords that are easy to remember, and easy to hack. Users often use the same combinations on different Internet resources, which simplifies the task for hackers. Passwords with complex combinations have proven to be effective, but because they are not easy to memorize, they get stored somewhere, which also poses some risk of theft. Therefore, companies that work with sensitive personal data either do not use this authentication factor or use it in combination with other, more reliable ones.
Cybercriminals can use cloud services to crack passwords, trying more than 650 million different password combinations per second. This means that in about an hour a hacker is able to crack a “super-complex” password of 7 characters. But if your password has more than seven characters, it takes up to 5 days to crack. During this time, the system can detect hacking attempts and notify you in a timely manner. Therefore, it makes sense to generate strong passwords using special programs.
Unique knowledge. Digital codes and confirmations using a smartphone
This authentication factor is widely used as a second step, after you have entered the login and password, primarily by banks. To finish logging in to online banking, you enter a one-time password, which usually consists of numbers and arrives in an SMS or in a mobile application on a smartphone. A variant of this method of confirmation is a call to the phone with a request to confirm the login. Such authentication is considered reliable, but there are still risks of SMS interception. And, of course, problems can arise if the smartphone is lost or stolen.
Electronic keys and hardware devices
Electronic keys or signatures are becoming more common. Resources that use this authentication factor provide it in the form of certificates (electronic forms) issued by special centers. In this case, the Internet does not store information about users. The digital key is most often used for authentication when it comes to important procedures: for example, when you need to log in to a personal account on a public services portal or, with a digital signature, to sign documents. This type of authentication is reliable, but there is still the possibility of the key or signature being stolen.
Tokens, or hardware devices, often in the form of a flash drive, carry one-time passwords that people use to log in to the system. The access code is generated automatically, which guarantees a high level of protection. The disadvantages of this factor are the risk of theft or loss, as well as the additional cost of purchasing the device.
Biometrics
Many of us have become accustomed to unlocking a smartphone by scanning a fingerprint or recognizing a face. But to ensure greater reliability, many companies and even countries use other unique features, such as retinal imaging, voice, and so on. For example, the US Immigration Service scans the image of the retina while checking passengers at the airport. This authentication factor has a very high degree of reliability, but there are loopholes, such as the imperfection of readers, which can be “tricked” with 3D copies or photos.
More is better?
Yes, but not quite. Today two-factor authentication is considered the optimal type. It is trusted by most large companies, government agencies, and services. Over time, two-factor authentication will become mandatory, as hacking techniques evolve with the development of technology. And if today you have the opportunity to take advantage of two security factors, do it.