Image-based authentication from Confident Technologies is both highly secure and easy to use. It creates one-time passwords or PINs each time authentication is needed, yet it is easy and intuitive to use.
When a user sees the ImageShield they recall the need to select their secret categories. A blank field for A/N provides no help or recall in the process.Sources: “Awase-e: photo-based user authentication system” by H. Koike, T. Takada and T. Onuki. “D´ej`a vu: a user study using images for authentication” by R. Dhamija and A. Perrig.
The mobile phone is often used as a second authentication factor during highly sensitive online transactions. However, most solutions send the user a one-time password or PIN as a text message. If someone else is in possession of the phone, or using SMS-forwarding technology (also known as a Zeus-in-the-mobile attack), they can easily read the text and authenticate their own fraudulent transactions. Confident Multifactor Authentication is more secure because it requires the user to apply a piece of secret knowledge on the second factor device itself. This makes it a multi-layer, multifactor solution. The user simply taps the images that fit their secret categories on the smartphone. The entire authentication process remains completely out-of-band and the one-time password or PIN is essentially “hidden in plain sight.” Even if someone else gained physical or virtual possession of your phone, they would not be able to authenticate because they would not know the correct images to identify.
How To Make Mobile Apps Secure - Mobile login multifactor authentication.
Mobile Multifactor Authentication User Login Security How To Make Mobile Apps Secure Company Confidential Information
Poor Authentication on the Web Website and Mobile security are the most vulnerable area of IT security• 96% of all breached records were accessed from outside, often by using stolen login credentials or key loggers that capture passwords• Passwords are poor security: • People have too many to remember, choose weak passwords, use the same password on multiple sites • Vulnerable to key loggers, brute force attacks, dictionary attacks, etc. • Login credentials leaked from one site are used to access other sites• Challenge Questions are poor security• Tokens, Smart Cards, Biometrics are expensive, not practical for public- facing websites Company Confidential Information
How to Balance Security & Usability The need for strong security that is easy-to-use• Businesses sacrifice security in an effort to create a “frictionless” experience for online customers.• This leads to online fraud and identity theft ($221 Billion in fraud last year alone!), data breaches and other security compromises.• Businesses struggle to enforce strong authentication without burdening customers. These issues are compounding as people do more online interactions using mobile devices. Company Confidential Information
Image-Based Authentication Image-based authentication that creates a one-time password1. The first time a user registers with a website or application they select a few categories to remember2. Each time authentication is needed, they are presented with a grid of random images3. The user identifies the images that fit their categories and enters the corresponding letters as their one-time password or PIN Company Confidential Information
Why Images Are Better Easy to remembero The human brain is better at remembering categories and images vs. strings of randomA/N characters and symbols.o Independent study showed users were able to remember their image passwords with100% success after 16 weeks. Only 40% of users remembered their text passwords.o Create a One-Time Password with every authentication vs. static A/N or site key imageGuided Recall• When the user sees the Image Grid, the pictures help trigger their memory of which categories they chose.Device independent UI• Deploy on multiple devices PC, tablets, andSmart phones• Very easy to use – click/tap Company Confidential Information
Simple and SecureImage based Multifactor Authentication Company Confidential Information
Setup: User Selects 3 CategoriesImages = Multifactor Authentication Company Confidential Information
After Account is Setup: During User LoginCategories and Associated Images are displayed for selection Company Confidential Information
User Selects Correct Images and Access to Application is GrantedSecure User Access to Data Business Uses Logins - Replace passwords - Strengthen weak passwords • Password reset • Anti-Phishing • Replace challenge questions Company Confidential Information
Two Factor, Mobile Authentication• Most solutions send a one-time password as a text message. - If the phone is lost or stolen, any person can read the text and authenticate a fraudulent transaction.• Multifactor Authentication is more secure because it requires the user to authenticate on the phone by identifying their secret categories.• This is an additional security and process layer that ensures user authentication and access to applications and data. Company Confidential Information
KillSwitch Capability• In addition to choosing their secret categories for authentication, the user may choose one or more “No Pass” categories• Sends automatic alerts or locks the account if someone attempts to break in and taps one of the “Kill Switch” categories• An offensive technique that stops brute force attacks and can identify IP addresses that are attempting brute force attacks and hacking Company Confidential Information
EXAMPLESThe pictures above represent examples of potential cross messaging. Wells Fargo has not yet implemented this solution. Logos, messages and images are flexible and can be customer defined. Company Confidential Information
Image Based Security Statistics Security Level 1: Safety Probability Highlighted Example:-For a 4x4 grid requiring 3 images the probability of breaking or guessing is 1:3,360 which provides a security level of 99.97023810%. Company Confidential Information
Multifactor Imaged Based Authenticationadds to the security of your website and mobile application How To Make Mobile Apps Secure Thank You Company Confidential Information
Contact Information Lee Mercado Director, Technology Sales / HELM360 Phone: (858) 208-4140 | Cell: (603) 418-4584 13475 Danielson St, Suite 220 | Poway CA 92064 firstname.lastname@example.org | www.helm360.com