In our latest article we look at how deviceless authentication can be effective at combating password breaches.
For decades now, organisations, platforms and users have relied on passwords for security. The password has been entrusted as the gatekeeper, the single solution to keep information safe and solely in the hands of those with the code to gain access.
Recently, however, as our reliance on passwords has increased, and the need for rock-solid online security has intensified, the password is failing to meet its one goal: keeping information safe. The very solution that we have entrusted to keep our information secure has become the very thing that risks the security of businesses, data and users.
Hackers have become more advanced, as has the technology they use to crack the codes we work so hard to develop to keep them out. In response, most businesses have been quick to enforce stringent password policies demanding an increase in complexity, which sadly just seems to have resulted in most users forgetting their codes. Or worse, users bypass the security systems to weaken their password strength so that they can remember it.
Passwords alone are now inefficient and virtually ineffective
Traditional passwords are shared every time they are entered online or into keypads. This automatically makes them vulnerable. Whether through someone looking over the user's shoulder, Wi-Fi hacking or spoofing, or hidden online keyloggers, the moment a password is entered it is no longer a secret, making it incredibly unreliable and immediately redundant as a secure login code.
1.5 factor authentication to reduce password breaches
Increasing password complexity does not work. Humans are notoriously bad at retaining long, complex character codes in their minds, especially when policy dictates that they should change them every other month. So what now? Secure log-in practices are critical to keeping information safe online, but the method needs to change.
On-screen, deviceless authentication, referred to as 1.5-factor authentication, gives users access to a password that is easy to remember but changes every time they use it. This secures the login from password-based weaknesses and doesn’t require the overhead of full-blown 2-factor authentication.
Mounting evidence shows that people are much better at remembering patterns and shapes than they are at remembering letters, numbers and words – what most businesses currently use for passwords. 1.5-factor authentication taps into the mind’s preference for thinking in patterns and shapes to provide users with a better login experience and businesses with drastically improved online security.
By removing the ability for repeatable passwords to be stolen, breaches are reduced, and businesses can rest comfortably in the knowledge that their IP and user data are secure.
How does deviceless 1.5 factor authentication work?
Deviceless 1.5-factor authentication uses a pattern rather than a password. This means that users simply need to memorise their pattern, and the resulting one-time code will change from minute to minute. Shoulder surfing and spoofing are no longer threats, and computers never capture the actual pattern, so it can’t be repeated for access.
With this technology, users simply overlay the pattern onto a grid of numbers presented to them. The one-time code is made up of the numbers located under the pattern, which change regularly and at random. From any platform – desktop, laptop, mobile, cloud – users can leverage this technology from the palm of their hand and log in securely without needing a device or a password, drastically reducing possibilities for password breaches.
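The grid-and-pattern mechanism described above can be sketched as follows. This is an added example, not PINgrid's algorithm or code from the vendor: the 6x6 balanced grid, the four-cell pattern, the server holding the pattern for comparison, and all function names are assumptions made for illustration.

```python
import hmac
import secrets

SIZE = 6  # assumption: 6x6 grid of digits 0-5; the article gives no dimensions

def new_grid(size=SIZE):
    """Server side: fresh grid in which each digit 0..size-1 appears `size` times."""
    cells = [d for d in range(size) for _ in range(size)]
    for i in range(len(cells) - 1, 0, -1):  # Fisher-Yates shuffle from the OS CSPRNG
        j = secrets.randbelow(i + 1)
        cells[i], cells[j] = cells[j], cells[i]
    return [cells[r * size:(r + 1) * size] for r in range(size)]

def read_code(grid, pattern):
    """User side: the digits under the memorised cells, read in pattern order."""
    return "".join(str(grid[r][c]) for r, c in pattern)

def verify(grid, pattern, submitted):
    """Server side: recompute the expected code and compare in constant time."""
    expected = read_code(grid, pattern)
    return hmac.compare_digest(expected.encode(), submitted.encode())

def consistent_patterns(grid, code):
    """Count the cell sequences that would produce `code` on this grid, i.e. the
    candidates an observer of one grid-and-code pair cannot tell apart."""
    total = 1
    for ch in code:
        total *= sum(row.count(int(ch)) for row in grid)
    return total

if __name__ == "__main__":
    pattern = [(0, 0), (1, 1), (2, 2), (3, 3)]  # constructed sample pattern
    for attempt in range(2):
        grid = new_grid()
        code = read_code(grid, pattern)
        print(attempt, code, verify(grid, pattern, code), consistent_patterns(grid, code))
```

With the assumed balanced grid, each digit of a code matches six cells, so a single observed grid and four-digit code is consistent with 6^4 = 1,296 cell sequences; that figure belongs to this sketch, not to any product.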
Deviceless 1.5-factor authentication technology can help to provide a uniform log-in experience for users in various environments, including mobile apps, desktop login, websites, cloud apps, Office 365, ATMs, Point of Sale devices, and more.
Deviceless authentication – where to find out more
PINgrid is our award-winning, patented, multi-factor authentication and transaction signing solution. It is being used across industries to transform any mobile device into a soft token, via a simple offline application, replacing passwords with a memorable pattern that automatically generates a One Time Code (OTC).