November 3, 2021
Earlier this year, following a string of cyber attacks on US infrastructure, President Biden met with over 35 private sector CEOs. He announced plans to enhance cybersecurity across the country, vowing to prioritize and elevate cybersecurity “like never before”. The White House also published an executive order mandating organizations to improve their cybersecurity. Among other things, this order stressed the importance of multi-factor authentication and cloud-based architecture.
But organizations need to be mindful about how they plan and execute a multi-factor authentication strategy. So much is at stake if it goes wrong.
What are the risks of implementing the wrong multi-factor authentication solution?
- Security: many existing multi-factor methods are lacking in security. Passwords, SMS one-time passcodes (OTP), and other tactics are vulnerable to attack. Organizations need to think about future-proofing their operations and protecting customers with stronger methods.
- Completion rates: every step in a customer journey creates friction. Asking customers to complete an extra security check can cause drop-offs if it isn’t convenient and effortless for them.
- Inclusivity: asking your customers to follow instructions or use multiple devices for authentication can result in some users not being able to use your services.
iProov’s cloud-based biometric technology is used by the world’s most security-conscious organizations to assure the genuine presence of an individual during multi-factor authentication. Dynamic Liveness can be used as part of a strong MFA strategy by providing the form of inherence—something the user is.
The bottom line? America is going multi-factor, and iProov can help get it right the first time around.
What is multi-factor authentication (MFA)?
When you log on to an online service, such as a social network or bank, you’ll usually get asked for a password. If the password grants you immediate access, you have completed single-factor authentication. If the system asks you for a second security check—for example, you’re asked to type in a one-time passcode sent to you via SMS, or double click the side button on your iPhone—this is multi-factor authentication.
Multi-factor authentication aims to verify that you are who you say you are. To complete true MFA, you’ll need a combination of two or more authentication factors:
- Something the user knows (knowledge-based authentication, like a password)
- Something the user has (possession-based authentication, like an SMS OTP sent to a device owned by the user)
- Something the user is (inherence-based authentication, like face authentication)
Importantly, if the bank asks you for a password and then for the answer to a security question, it might improve security but this isn’t multi-factor authentication—both the first step and second step are knowledge-based.
Why does America need multi-factor authentication?
In short: America needs to protect its government, enterprises, citizens, and economy against the financial losses and disruption caused by cybercrime.
Identity theft is a huge problem in America. iProov data shows that a staggering 29% of Americans have been a victim of identity theft, compared with just 15% of Brits and 13% of Australians.
If a relative, roommate, or a criminal steals your identity by getting hold of your passwords or personal and authentication information and pretending to be you, they can do a lot of damage. They can access your bank or other personal accounts to steal money or demand ransoms (this is account takeover). It’s not always about money—they can also be aiming for disruption or reputation damage.
Multi-factor authentication helps to prevent identity theft and other forms of cybercrime through inappropriate account access. It ensures that the person trying to access their account is the genuine owner of that account and not an imposter or criminal. 80% of data breaches could be eliminated by the use of multi-factor authentication.
A recent example: The hack that shut down the US’ largest fuel pipeline—the Colonial Pipeline—happened because just one employee’s compromised password was leaked on the dark web. This password then granted the attacker remote access to the company’s entire computer network. No damage to the pipeline was caused, but Colonial paid out a $4.4 million ransom to the hacker.
How would multi-factor authentication with iProov have prevented this: Imagine, as in the Colonial Pipeline example, that a bad actor manages to get hold of a federal government employee’s password. But this time, the federal agency has set up multi-factor authentication using iProov technology. The bad actor enters the password, trying to gain access to government systems. They’re asked to complete a brief facial scan to authenticate. The criminal is thwarted: even if they had imagery of the defrauded employee’s face, iProov’s Dynamic Liveness technology would detect that the real individual was not present and the access request would be rejected. iProov detects images, videos, masks, deepfakes and other synthetic media that can be used in presentation attacks and digital injected attacks to spoof a system.
Why are face biometrics the best option for multi-factor authentication?
If you’re building a multi-factor authentication strategy, face biometrics should be part of your plan. Let’s look at some of the benefits of using face biometrics in your MFA strategy.
Advantages of face biometrics for your customers:
Convenience
- Why does convenience matter? Users like convenience. If your competitors offer a more convenient authentication option, you risk losing your customers. At best, you risk customers abandoning the process if it involves too much effort.
- How does face authentication deliver convenience? The right face authentication is simple and convenient: there’s no complexity, no need to to copy a one-time passcode from one place to another. And what’s more, you always have your face with you!
- What makes iProov more convenient than other face authentication solutions? iProov has the added benefit of being device-agnostic. This means that people can iProov themselves on whatever device they’re using at a given moment; a mobile device, a desktop computer, a tablet, or on a kiosk.
Speed:
- Why does speed matter? Consumers also like speed. If a log-in process takes too long, there is a risk that they will get frustrated, give up and/or go elsewhere.
- How does face authentication deliver speed? Face authentication takes a few short seconds. It is often faster than waiting for a one-time passcode or opening up an app on a mobile device to authenticate.
- What makes iProov speedier than other face authentication solutions? iProov’s intuitive user interface and use of an abstracted image means that users are not confused by instructions and also not distracted by selfie anxiety.
Reassurance:
- Why does reassurance matter? It might sound counterintuitive, but speed is not always the priority. If your customer is transferring $50,000 to a new beneficiary, they want to know that the process is secured by appropriate checks and verifications before the transfer is made. The appropriate level of reassurance is important.
- How does face authentication deliver reassurance? If face authentication is implemented correctly, it can provide the right level of reassurance for a variety of different scenarios. Face authentication delivers more reassurance than other authentication methods: for example, a voice authentication that is done without the user knowing can be disconcerting, while being asked to wait for an OTP being sent via SMS can leave the user feeling like they are not in control of the situation.
- What makes iProov more reassuring than other face authentication solutions? iProov’s Dynamic Liveness technology illuminates the user’s face with a sequence of colors. This short ‘ceremony’ takes a few seconds and helps to reassure the customer that a secure transaction has taken place.
Ease of use:
- Why does ease of use matter? If an authentication process is difficult to use, then your customers will avoid using it. They’ll either find an alternative option with your competitors, or drop-off on this occasion in frustration and not complete the transaction, or they’ll find a workaround, as people do when they write down their passwords.
- How does face authentication deliver ease of use? Face authentication can be extremely simple: a user just needs to look at the camera on their mobile device or computer. This is much easier than switching between devices or services to find an OTP.
- What makes iProov more usable than other face authentication solutions? iProov’s face authentication is passive—there are no instructions for the user to follow as with other vendor solutions, such as moving their head or device, or reading out words or numbers. They simply position their face in the oval on the device screen and the authentication completes. It provides maximum accessibility and usability.
Advantages of face biometrics for your organization:
Inclusivity:
- Why does inclusivity matter? Inclusivity is critical to any organization. If people need to have a smartphone to use your service, or need to be able to follow complicated instructions, you risk excluding audiences that should and could be benefitting from what you have to offer. It’s essential for the public sector but all organizations need to plan for inclusivity.
- How does face authentication deliver inclusivity? Everyone has a face and most devices have a user-facing camera, which makes passive face authentication an inclusive solution. Fingerprint authentication, for instance, is only available to those with access to certain hardware. Additionally, most government-issued ID documents have a face image, so secure onboarding using a document and face biometric is the optimal choice.
- What makes iProov more inclusive than other face authentication solutions? Inclusivity is a priority for iProov. Because our technology works on any device with a user-facing camera, it can be extended to kiosks – this enables those needing support to visit branches or offices to access assistance.
Completion rates:
- Why do completion rates matter? If a user fails to complete an authentication – whether it’s an application for a driver’s license or to transfer $1000 to a friend – there are implications. They may be required to call your call center instead, which means frustration for them and increased costs for your organization. Or they may give up and go elsewhere. The outcome is lost business and customer dissatisfaction.
- How does face authentication deliver high completion rates? If your face authentication solution is accurate and scalable, as well as convenient and easy to use, it can help you to deliver high completion rates. If a customer has to wait for an OTP or has to request another one and gets them confused, they might abandon the authentication.
- How does iProov deliver higher completion rates than other face authentication solutions? iProov combines simplicity with accuracy to ensure that completion rates are maximized. We also protect against selfie anxiety and selfie perfectionism to encourage users to complete the authentication process as easily and quickly as possible.
Security:
- Why does security matter? Online crime increased dramatically during COVID-19. Organizations must protect themselves and their customers from the financial, emotional and reputational impact of identity theft and online fraud.
- How does face authentication deliver security? Face authentication can offer greater security than passwords, OTPs or other authentication methods. However, not all face authentication solutions can provide the security that is needed – device-based face authentication rather than cloud-based, for example, can be vulnerable to attack. It is important to choose the right vendor that can offer a range of flexible options for different risk profiles.
- Why is iProov more secure than other face authentication solutions? iProov’s face authentication offers the highest levels of security for online authentication. First, Dynamic Liveness is the only face authentication solution that verifies if an online user is the right person, a real person, and if they are authenticating right now and not a presentation attack or digital injected attack. iProov is also cloud-based and does not depend on the integrity of the device, as some other solutions do. iProov customers also benefit from our iProov Security Operations Centre (iSOC)—as a cloud-based service, we can monitor attacks and adjust our algorithms to provide sustainable security in a way that other vendors cannot. This also allows you to defend against evolving and unknown threats. iProov’s cloud-based authentication is also out-of-band. The authentication happens on a different plane, or “band”, to the device used to authenticate. If you use an OTP on a mobile phone, for instance, then access to the phone grants access to the OTP also, which is a critical vulnerability.
You can read more about why face authentication is the best authentication method here.
The Biden administration and cloud technology
Multi-factor authentication is just one of several important points covered in the executive order. Cloud technology was also underlined as a necessity; agency heads were given 60 days to show how they will “prioritize resources for the adoption and use of cloud technology.”
This means that iProov’s cloud-based biometric face authentication technology enables you to accomplish two things at once. First, you deliver the best possible multi-factor strategy for your users and organization. Second, you’re prioritizing the use of cloud technology.
Case studies:
iProov is already used by the world’s most security-conscious organizations, including:
The Biden administration’s commitment to multi-factor authentication in America: a summary
- The Biden administration has announced that multi-factor authentication will be part of its cybersecurity focus. This will help to avoid password vulnerabilities that can lead to incidents such as the Colonial Pipeline shutdown.
- However, organizations should know that using two weak authentication methods – for example a password and a security question – is not the answer.
- Secure multi-factor authentication needs a biometric component, or ‘something you are’ to go with ‘something you have’ and/or ‘something you know’.
- iProov’s Dynamic Liveness is ideal for multi-factor authentication; it’s secure, easy to use, convenient, inclusive, reassuring and maximizes completion rates.
If you’d like to learn more, you can visit our multi-factor authentication page, read our case studies, or book an iProov demo here.