Page 42 - Cyber Warnings







For this reason, this type of second-factor authentication has come under increased scrutiny
and criticism.

In August of this year, the US National Institute of Standards and Technology (NIST)
recommended that SMS no longer be used as an OTP delivery system because of the
unencrypted channel’s inherent weakness in preventing cyber fraud.

But well before then, there has been a distinct move away from SMS-based user authentication
and toward other factors that are more secure and user-friendly.

What’s more, authentication factors have come a long way since the heyday of the randomly
generated passcode number sent through SMS. Handheld devices have a lot more built-in
technology than laptops or desktops, and the smartphone (and its cousin, the tablet) has been
leveraged for more secure forms of transaction verification.

These include push notifications, biometric facial, fingerprint or voice recognition, and security
software that can be integrated into a bank’s mobile application.

So with the advent of more secure authentication methods and their increasing dominance in
the market, the question must be asked: Are we witnessing the death of the SMS-delivered OTP
as an authentication factor?


The answer depends on just how secure these more advanced and stronger authentication
methods really are, and on whether SMS-delivered OTP is still of any use alongside them. Let
us look at some of these ‘next generation’ authentication methods and their best practices:

Push Authentication: Push notifications allow real-time, quick and secure messaging, which
can be responded to instantly to authenticate or deny a transaction. The message is sent out-of-
channel and is encrypted.

There is no PIN or password to type into a webpage, which puts the credential out of the reach of
cybercriminals. Alongside its strong security, Push is also highly convenient, making for a
frictionless user experience.
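
The approve/deny exchange described above can be sketched as follows. This is an added example, not code from the article or from any vendor. It assumes a per-device key shared with the bank's server (`DEVICE_KEY`), hypothetical function names, and that transport encryption of the push channel is handled elsewhere.

```python
import hashlib, hmac, json, secrets, time

# Assumption: each enrolled device shares a per-device key with the server.
DEVICE_KEY = secrets.token_bytes(32)   # constructed sample key
TTL_SECONDS = 60                       # how long a push stays answerable
_pending = {}                          # challenge id -> (transaction, expiry)

def _mac(key, challenge_id, txn, decision):
    # Bind the decision to the exact transaction details the user was shown.
    msg = json.dumps([challenge_id, txn, decision], sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def send_push(txn, now=None):
    """Server: create a one-time challenge for this transaction."""
    now = time.time() if now is None else now
    cid = secrets.token_hex(16)
    _pending[cid] = (txn, now + TTL_SECONDS)
    return {"id": cid, "txn": txn}

def device_respond(push, decision, key=DEVICE_KEY):
    """Device: the user taps approve or deny; the app authenticates the answer."""
    return {"id": push["id"], "decision": decision,
            "mac": _mac(key, push["id"], push["txn"], decision)}

def verify_response(resp, now=None, key=DEVICE_KEY):
    """Server: accept only a fresh, untampered, single-use response."""
    now = time.time() if now is None else now
    cid = resp.get("id")
    entry = _pending.get(cid)
    if entry is None:
        return "rejected: unknown or replayed"
    txn, expiry = entry
    expected = _mac(key, cid, txn, resp.get("decision"))
    if not hmac.compare_digest(expected, str(resp.get("mac", ""))):
        return "rejected: bad mac"     # challenge stays pending for the real device
    del _pending[cid]                  # single use: a replay finds nothing
    if now > expiry:
        return "rejected: expired"
    return "approved" if resp["decision"] == "approve" else "denied"

if __name__ == "__main__":
    txn = {"payee": "ACME Ltd", "amount": "250.00"}   # constructed sample
    push = send_push(txn)
    print(verify_response(device_respond(push, "approve")))
```

Because the MAC covers the transaction the server stored, a response computed over altered transaction details or a flipped decision fails verification.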


Biometric Recognition: Biometric technology enjoys the perception of being highly secure,
which is important, because if the technology is not perceived to be secure then customers are
not going to use it.

Fingerprint, face and voice recognition scanners are improving as mobile devices improve, and
many smartphones have built-in fingerprint readers.

Like Push, biometric authentication takes seconds to execute and is more convenient for the
end user than requiring them to enter a one-time passcode.





42 Cyber Warnings E-Magazine December 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
