We all thought that combining “something you have, something you are and something you know” would make our login data safer, but it is evident that these customer authentication factors have failed to hold down the fort. Even with all the factors we are repeatedly asked to provide, technology has failed to protect the consumer’s data.
– Passwords no longer protect
The use of passwords is slowly fading away. Protecting several accounts with passwords, together with the need to create complex secret words and change them every month or two, is tedious.
Many users opt to recycle one password across various services. Last year’s Consumer Account Security report by TeleSign says 71% of accounts are secured by a single password used across many sites. Therefore, if a password is exposed in a data breach or phishing attack, cybercrooks may take advantage of other accounts belonging to the same user.
Knowledge-based authentication (KBA) serves as a backup plan for passwords. TeleSign reported that 56% of internet users consider KBA, also part of “something you know”, as their preferred method of additional authentication. On the other hand, Gartner research found that consumers fail to give correct answers to their KBA questions 15–30% of the time, while cybercrooks respond to those questions correctly 60% of the time. Tricksters often source this data through phishing or from social media.
– SMS authentication is a major setback
To accomplish the concept of “something you have,” experts designed physical tokens that generate a different one-time password (OTP) every minute.
This practice has also shifted to smartphones, where OTPs are sent as SMS/text messages. The danger is that fraudsters can use mobile malware to intercept these messages and read the codes they carry.
Surely we all should support the National Institute of Standard and …