Today’s Two Factor Authentication
99.999% of today’s Two Factor Authentication solutions are based on TOTP, Allow/Deny, Code Scan, Hardware Key, or SMS. All of today’s Two Factor Authentication solutions have major usability disadvantages: they require user intervention, which is the main reason most users choose not to enable Two Factor Authentication on their accounts. Furthermore, none of today’s Two Factor Authentication methods raises a red flag when the user physically leaves the computer from which the login occurred.
Short explanation of each component in the Two Factor Authentication comparison table
- Spriv Risk Based Two Factor Authentication: Upon the user’s one-click approval via software installed on the user’s mobile phone, Spriv’s patented and patent-pending technology creates a unique signature for the user’s computer and the mobile phone’s location. The next time the user logs in from the same computer while the associated mobile phone is near the same location, Spriv automatically authenticates the transaction if specific requirements are met. The vast majority of the automated authentications are completed in less than one second. Spriv’s combination of automation, speed, low cost, precise data, and an indication of whether the user has left his computer creates a new wave of authentication possibilities.
- “Code Scan”: (Not in use by Spriv) This method uses software installed on the phone to visually scan a code presented on the computer screen. Since the code is presented on the screen, it cannot work with text-only environments such as SSH or static pages like RDP (Remote Desktop). Code scan 2FA methods require the user to open the application and hold the phone in front of the screen in order to scan the code.
- Allow / Deny: Upon the user’s login, Spriv’s Adaptive Two Factor Authentication server sends a message to an application installed on the user’s smartphone, and the user is required to open the application and click Allow or Deny. One of the risks of this method is repetition poisoning, which is caused by continuously asking a user to manually authenticate requests. The repeated authentication requests train the user to allow actions automatically, without checking the content of the authentication request. This vulnerability effectively violates two of the foundations of authentication: Security and Usability. The repetitive hassle impairs usability while simultaneously creating a vulnerability that impairs the integrity of the solution’s security. Therefore Spriv suggests that standard actions such as login be authenticated using the Risk Based Two Factor engine without user intervention, and that non-standard actions, such as a change of address or wire transfers, be authenticated via other Two Factor Authentication methods such as Allow/Deny, TOTP and SMS.
- TOTP (Time-based One-Time Password): Most commonly, TOTP consists of six digits presented on a smartphone by software. The user is required to enter the six digits within the required time frame. Who wants that hassle upon every login?
- Hardware Key: (Not in use by Spriv) Most commonly, a hardware key consists of a USB device with encrypted code. The Two Factor Authentication server identifies the username and later checks the USB key. From a security point of view, this provides only one channel of authentication, which by design is more vulnerable and is subject to users losing or forgetting the hardware key, or leaving the USB key constantly connected even when leaving their computer unattended. As the market has already voted, this is an IT nightmare to manage.
- SMS Code: Two Factor Authentication is done via mobile phone carriers’ SMS platforms, most commonly by sending a code to the user via SMS and requiring that the user type the code into his computer.
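The repetition poisoning risk described under Allow / Deny above can be watched for in authentication logs. The Python sketch below is an added example, not Spriv's code: it flags an Allow that follows several denied or unanswered prompts for the same user within a short window. The log format, field names, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample events (assumed format): timestamp user action prompt_outcome
SAMPLE_EVENTS = """\
2024-05-01T09:00:00 alice login allow
2024-05-01T09:00:05 bob login deny
2024-05-01T09:00:40 bob login timeout
2024-05-01T09:01:10 bob login deny
2024-05-01T09:01:45 bob login allow
2024-05-01T13:30:00 carol wire_transfer allow
2024-05-01T13:30:20 dave login deny
2024-05-01T13:31:00 dave login deny
"""

WINDOW = timedelta(minutes=5)  # assumed look-back window
MAX_REJECTED = 3               # assumed number of denied/unanswered prompts

def find_fatigue_approvals(text, window=WINDOW, max_rejected=MAX_REJECTED):
    """Return (user, time, rejected_count) for every Allow that follows at
    least max_rejected denied or timed-out prompts inside the window."""
    recent = {}   # user -> timestamps of recent denied/timed-out prompts
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts_text, user, action, outcome = line.split()
        ts = datetime.fromisoformat(ts_text)
        q = recent.setdefault(user, deque())
        while q and ts - q[0] > window:      # forget prompts older than the window
            q.popleft()
        if outcome in ("deny", "timeout"):
            q.append(ts)
        elif outcome == "allow":
            if len(q) >= max_rejected:       # approval came after a run of rejections
                alerts.append((user, ts.isoformat(), len(q)))
            q.clear()                        # a decision ends the current run
    return alerts

if __name__ == "__main__":
    for user, when, count in find_fatigue_approvals(SAMPLE_EVENTS):
        print(f"review: {user} approved at {when} after {count} rejected prompts")
```

An alert here is a prompt for review rather than proof of compromise; the thresholds need tuning against the normal prompt volume of the deployment.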
Conclusion
Spriv’s Risk Based Two Factor Authentication provides the same or higher Two Factor Authentication protection as other Two Factor Authentication platforms, but from the usability perspective, Spriv’s Risk Based Two Factor Authentication allows authentication without user intervention. In addition, Spriv’s Risk Based Two Factor Authentication is the fastest Two Factor Authentication method, while it is cheap, highly accurate and can provide a red flag when the user leaves his computer. None of the other Two Factor Authentication platforms (even when combined) comes close to Spriv’s offering. That makes Spriv the most compelling Two Factor Authentication available in the market today. Spriv is one platform for multiple Two Factor Authentication methods: Risk Based Two Factor Authentication, Allow/Deny, TOTP and SMS, allowing you to decide which authentication your user will experience in each step during authentication.