
Password: SMS. How can a text message become an element of multi-factor authentication?

Companies operating online try various ways to defend themselves against illegal access to their clients’ data. Even a very strong password, created in accordance with the guidelines required by network administrators, may not be the best weapon against online thieves. In that case, multi-factor authentication that includes SMS verification may be the right choice to avoid data leaks.

Data captured while using the internet can lead to more than the loss of accounts on social networks. Worse things happen when the thieves’ target is a bank account or sensitive company data. This forces companies to implement tools that authenticate the login process in their systems.

Single-factor Verification

The single-factor method is the most popular way to protect your data and accounts, using two simple pieces of information: a login and a password. Fingerprint readers, i.e. biometric methods, are another form of single-factor authentication. This time we will focus on a more complicated approach: multi-factor authentication (MFA).

Multi-factor Authentication

The multi-factor authentication (MFA) method involves using at least three elements from among: something you are (inherence factor), something you possess (possession factor) and something you know (knowledge factor). In fact, it is possible to use 2, 3, 4 or even 5 elements of authentication. Access to important data requires a minimum of three factors, the diversity of which is shown in the following illustration:

Source: https://dev98.de/2016/11/19/a-multi-factor-authentication-quickstart

Something you know

It can be a typical password or PIN that has to be entered in the appropriate window. The level of security of this kind of factor depends on its length and complexity (the use of different types of alphanumeric characters, both 1,2,3 and XyZ). It is also important to protect your passwords and keep access to them (it is also good not to write them on yellow cards stuck to the monitor ;-)).

Something you are

The ability to identify faces or read fingerprints is not yet widely used and has already been partially questioned as an effective security method. It turns out that a fingerprint can be faked, and Face ID can be tricked with a fake mask.

Something you have

It can be a flash drive plugged into a computer, a door access card or another item that lets you authorize your access. But the phone in your pocket works just as well! With this last solution, the user passes the particular stages and at the end receives a code via SMS. Compared with other methods, this one is easy to implement, as banks and technology companies have been using such solutions for a long time. Importantly, choosing this factor also ensures that the device will always be close to the user (in his/her pocket or bag).

How to plan data protection?

Current technology allows us to implement a security system worthy of the White House, but we should always keep usability in mind. The authentication method has to be adapted to the type of protected data and its level of secrecy. Every regular user will be upset if you force him to go through a 5-step check just to read e-mail.

On the other hand, as technology develops, so do the capabilities of digital robbers. It is therefore worth taking into account the dangers hiding in the network and securing yourself properly, but in a way that is usable and intuitive for the client. This is, among other things, where the popularity of text messages with a code comes from.

SMSAPI introduces SMS Authenticator

In response to these data protection needs, we have prepared a service that confirms a user’s identity with an SMS code sent automatically to his/her mobile phone (using the factor “Something you have”, so-called SMS verification). You just have to enter the number to be checked, and SMSAPI will send the security code and check whether it is correct.

Read more about SMS Authenticator - SMS verification method

If you want to know more details about this brand new feature – go here!
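The send-and-check flow described above, sketched as an added example; it is not SMSAPI's code or API. The class name, the `send_sms` callback standing in for the SMS gateway, the 5-minute validity window, the 3-guess limit and the phone number are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_DIGITS = 6
CODE_TTL_SECONDS = 300   # assumed validity window
MAX_ATTEMPTS = 3         # assumed number of guesses allowed per issued code


class SmsCodeVerifier:
    """Hypothetical helper: issues and checks one-time SMS codes (in-memory store)."""

    def __init__(self, send_sms, clock=time.time):
        self._send_sms = send_sms             # callable(phone, text), stands in for the gateway
        self._clock = clock
        self._key = secrets.token_bytes(32)   # server-side key; codes are stored only as HMACs
        self._pending = {}                    # phone -> [digest, expires_at, attempts_left]

    def _digest(self, phone, code):
        return hmac.new(self._key, f"{phone}:{code}".encode(), hashlib.sha256).digest()

    def start(self, phone):
        # Draw the code from a CSPRNG and zero-pad it so every code has the same length.
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        # A new request replaces any earlier code issued for this number.
        self._pending[phone] = [self._digest(phone, code),
                                self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        self._send_sms(phone, f"Your verification code: {code}")

    def check(self, phone, submitted):
        entry = self._pending.get(phone)
        if entry is None:
            return False
        if self._clock() > entry[1]:          # expired codes are discarded
            del self._pending[phone]
            return False
        entry[2] -= 1
        # Constant-time comparison, bound to the phone number the code was sent to.
        ok = hmac.compare_digest(entry[0], self._digest(phone, submitted))
        if ok or entry[2] == 0:
            del self._pending[phone]          # single use; burn the code after too many guesses
        return ok


if __name__ == "__main__":
    outbox = []                               # constructed stand-in for delivered messages
    verifier = SmsCodeVerifier(lambda phone, text: outbox.append((phone, text)))
    verifier.start("+48500000000")            # constructed sample number
    received = outbox[-1][1].split(": ")[1]
    print(verifier.check("+48500000000", received))
```

The expiry, the guess limit and the single-use rule are what keep a short numeric code from being brute-forced or replayed.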

The weakest authentication aspect is …

When the login procedure is built of several elements, the certainty that no unauthorized person will be able to get hold of the protected data is almost one hundred percent. Almost, because there is always one weakest link, regardless of the method: a user who can inadvertently leave traces behind, leading digital thieves to the data they are looking for. It is worth making their work as difficult as possible by expanding your defense with multi-factor authentication.