Owing to the countless cyber attacks that have targeted multi-national corporations over the past couple of years, more and more businesses are stepping up their web security defences. But while operating system updates and anti-virus software can increase protection against online offenders, the humble password remains a big vulnerability.
In fact, a study by research firm Gartner reveals that 95 per cent of all web app attacks make use of stolen passwords. As a result, it makes sense to explore authentication methods other than passwords.
Not sure what mechanisms are available or which one you should choose? Don’t worry, as here is a look at five of the best.
- KodeKey
This mobile app and web service does away with passwords in favour of biometric authentication. In the past, fingerprint technology was simply too complicated and costly, but KodeKey takes advantage of smartphone scanners and a highly secure verification infrastructure.
Users are registered to the KodeKey server along with a phone number and PIN. Every time you log in, a notification is sent to the KodeKey app, which then asks you to confirm your identity using your smartphone’s fingerprint scanner.
- LaunchKey
This particular platform leverages your own mobile device in place of passwords or tokens for remote login, real-time authorisation, and two-step verification. No personally identifiable information is stored with LaunchKey, while sensitive authentication data never leaves the user’s device.
Authentication methods available with LaunchKey include fingerprint verification, geo-fencing, pattern codes, and much more. Users can also set up and choose a combination of these options.
- Clef
Unlike other platforms, Clef uses a smartphone camera, a waveform image, and an asymmetric key combination to verify the identity of each user. When entering a Clef-backed login page, a waveform image is displayed on the screen, which the user has to capture on their handset’s camera.
For verification, Clef will match the public part of the asymmetric key, stored on its server, with the private part on the user’s phone. This public/private key combination mitigates the threat of man-in-the-middle cyber attacks.
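The arrangement described above, with the public key on the server and the private key on the phone, can be illustrated with a generic signed-challenge login. This is an added example, not Clef's code or protocol: the function names, the origin binding and the 60-second expiry are assumptions, and Ed25519 from Node.js's built-in crypto module stands in for whatever key type a real service uses.

```javascript
const nodeCrypto = require('crypto');

// Enrollment (assumed flow): the key pair is created on the phone and only
// the public half is registered with the server.
function enrollDevice() {
  return nodeCrypto.generateKeyPairSync('ed25519');
}

// Server: issue a single-use challenge tied to the origin of its login page.
function issueChallenge(pending, origin) {
  const nonce = nodeCrypto.randomBytes(32).toString('hex');
  pending.set(nonce, { origin, expires: Date.now() + 60_000 });
  return { nonce, origin };
}

// Phone: sign the nonce together with the origin the user is actually on.
function signChallenge(privateKey, nonce, originSeen) {
  return nodeCrypto.sign(null, Buffer.from(`${nonce}|${originSeen}`), privateKey);
}

// Server: consume the nonce, check expiry, verify with the stored public key.
function verifyLogin(pending, publicKey, nonce, signature) {
  const entry = pending.get(nonce);
  if (!entry) return 'unknown-or-replayed-challenge';
  pending.delete(nonce); // single use: a captured response cannot be replayed
  if (Date.now() > entry.expires) return 'expired';
  const msg = Buffer.from(`${nonce}|${entry.origin}`);
  return nodeCrypto.verify(null, msg, publicKey, signature) ? 'ok' : 'bad-signature';
}

// Constructed walk-through: genuine login, replay, relay via another origin.
function demo() {
  const pending = new Map();
  const phone = enrollDevice();
  const site = 'https://login.example'; // constructed origin
  const c1 = issueChallenge(pending, site);
  const sig1 = signChallenge(phone.privateKey, c1.nonce, c1.origin);
  const genuine = verifyLogin(pending, phone.publicKey, c1.nonce, sig1);
  const replayed = verifyLogin(pending, phone.publicKey, c1.nonce, sig1);
  const c2 = issueChallenge(pending, site);
  const sig2 = signChallenge(phone.privateKey, c2.nonce, 'https://relay.example');
  const relayed = verifyLogin(pending, phone.publicKey, c2.nonce, sig2);
  return { genuine, replayed, relayed };
}
```

Because the server stores only a public key, a breach of its database yields nothing that can be used to sign a challenge.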
- MIRACL M-Pin
To create a unique key that runs a zero-knowledge proof authentication protocol against its server, MIRACL M-Pin asks for a user-selected 4-n length PIN and a related software token. No passwords, personal information, or other shared secrets are stored on its servers.
- YubiKey Neo
The YubiKey Neo is an NFC-enabled physical key that can be held against the back of a compatible phone to provide second-factor authentication. Every time the key is pressed, it will generate a login code specific to the user and service at hand.
YubiKey Neo can also be plugged into desktop computer USB ports for machines without NFC technology. It does not store any personal details, and once it is linked to an account, the physical key is still needed to log in.