User Authentication

Finding the right multi-factor authentication solution

About authentication

Poor security is bad for business

6B Records Breached Since 2013

Almost everything on the web uses some form of stored authentication credential.  These credentials are often stored in whole form, in one central place, meaning they are easier to compromise. So credentials which are sent over the Internet, risk being stolen in transit, as we see frequently in the latest data breach news stories. 

data-breach.jpg

 

Several super high profile smash and grab attacks on global scale cloud service providers have prompted stronger authentication to be deployed on Google, Twitter, Evernote and many more providers. The balance between user friendliness and credible security is a key issue for these providers or any web site owner needing to increase secure authentication. 

Excellent security is key to digital businesses

We authenticate ourselves multiple times every day. Every time we open a door with a key we are authenticating ourselves to the building we are entering, simply by demonstrating possession of the key. When we buy something with a bankcard we authenticate ourselves via possession of the card and knowledge of the associated PIN. This is known as two factor authentication.

In today's application, security and operations owners must deal with the ever increasing and unpredictable demand to securely authenticate more internal, external and mobile users and devices and do so at the scale and speed of today's Mobile Internet.

In response to this, they continue to attempt to ratchet up their password-based security with incremental investments in new and higher levels of two-factor and two-step authentication, doing nothing to defuse the ticking time bomb of a breach of their password database or to make life easier for users, who are increasingly frustrated with concocting, remembering and using complex passwords, technologies and processes.

 

STRONGER Authentication

Multi-Factor Means Stronger

Strong authentication means a user provides two or more of the following when requesting access:

  • Something only the user has (a token in mobile app)
  • Something only the user knows(a 4 digit pin)
  • Somewhere the user is (a known time or place)

For maximum security you should ideally authenticate with something you know, something you have, and something you are. Typically that would be a password, a physical device of some sort, and a biometric like a fingerprint. For the moment the industry appears to be content with just two factor authentication, which could be any two out of these three.


MFA Key

SAFER AUTHENTICATION

MIRACL Trust® ZFA Means Safer

Zero-Factor authentication (ZFA) means that a user proves knowledge and possession without exchanging or sending any credentials with a server database (unlike passwords and current two-factor authentication).

MIRACL Trust® ZFA platform is a cloud-based service that provides secure, Zero-Factor Authentication to employees, partners, and external users without sending authentication credentials across the web for storage in the cloud. Which means it can’t be compromised.

Fast Facts about MIRACL Trust® ZFA:

  • Provides better security: without the need for credentials, such as usernames, passwords and OTP seeds, to be sent across the web, or stored on a mobile device.
  • Affordable: Significantly lower total cost of ownership than hardware tokens and authentication-as-a-service offerings. Clients provision users as needed, billed only for usage.
  • Easy to implement: As a cloud-based service, ZFA is simple to activate deploy, and on-board users at scale. Clients can be live within minutes.
  • Can be extended into any desktop or mobile application via open source, Apache Licensed developer SDKs for iOS, Android, C# and other web languages.
  • Meets regulatory compliance: zero-factor authentication solution for regulated industries, such as finance, government and healthcare, since credentials are not stored in the cloud.
  • Scalable: secure authentication to all customers, employees and partners who power a company’s business, for less than the monthly cost of sending a few SMS messages to a single user in a month.
  • Simple to administer: Manage service delivery channels, billing, and users through one simple ZFA web dashboard.
  • Improved end-user experience: A simple 4-digit PIN is all the end user has to remember, and can be used across all applications and identities that the end user needs to gain access to.

MIRACL’s zero password authentication solutions, which eliminate authentication database breaches and improve the user experience for end eusers, deliver immediate security benefits”.

Rich Boyer, Chief Architect, NTT i3.

Clients can activate, deploy, manage easily and go live in minutes. To find out more about MIRACL Trust® ZFA, you can request a demo today.

Read more MIRACL Trust®