Yet again, for the third time, you try to enter the password of a critical application, and this is your last chance before the application shuts you out for the next 24 hours, only after which you can try again!
Sounds familiar? Yes, because most of us have been there.
We forget passwords and their combinations and sometimes get the capitalized letters wrong, and what’s worse, we may not even realize that we had accidentally turned on the caps lock. Before we figure out the right combination and mistakes, we have exceeded the maximum number of tries allowed for entering a password.
This means either we are shut out for a specific time, or we have to go through the “Forgot Password” process again.
All of this is frustrating, to say the least. It also prevents us from accessing the application we want and wastes our precious time.
But from an application owner’s standpoint, these checks are necessary to prevent unauthorized access and to reduce the possibility of errors and fraud. So, such a checking system is essential, and such an authentication process is justified as well.
Embarking on an Error-Free Login Process
Since there is merit both in what the user wants and in why the application behaves the way it does, what’s a more streamlined solution that will satisfy both the application’s need for security and the user’s need for a simplified and error-free login process?
One Time Passwords
Passwordless authentication systems eliminate the use of passwords and the pain points that come with them.
Instead, the user can enter the email address or phone number associated with the account and enter a One Time Password (OTP) that is sent to either the email ID or the phone number.
If the OTP matches, the user can access the system.
It sounds like the perfect alternative to the idea of remembering passwords, right? Except that this has its pitfalls as well.
What happens in the following situation?
Your device is lost or stolen, so you’re unable to see the SMS that was sent to your cell phone.
You forget the password of your email ID.
Your email is hacked, and you’re unable to log in.
Worse, hackers can easily intercept the SMS and use it for their own gain.
In this sense, you’re addressing one problem, but in the process, opening a can of worms that can have an even more serious security downside. So, these OTPs are never a standalone solution for secure authentication.
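The server side of the OTP check described above, as an added example that is not part of the original article or any vendor's code: the code expires, is single use, and allows a limited number of guesses. The class name, the five-minute lifetime, and the three-attempt budget (borrowed from the three tries in the opening) are assumptions.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300   # assumed validity window
MAX_ATTEMPTS = 3        # assumed guess budget, mirroring the article's three tries


class OtpStore:
    """In-memory store of pending one-time passwords, keyed by email or phone."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._key = secrets.token_bytes(32)   # server-side secret for the keyed hash
        self._pending = {}  # identifier -> [tag, expires_at, attempts_left]

    def _tag(self, identifier, code):
        # Keyed hash bound to the identifier: the store alone, without the
        # server key, does not reveal which code is live for which account.
        msg = f"{identifier}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, identifier):
        """Create a fresh 6-digit code; issuing again replaces any older code."""
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not random.random()
        self._pending[identifier] = [self._tag(identifier, code),
                                     self._clock() + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        return code  # handed to the email/SMS sender, never returned to the browser

    def verify(self, identifier, submitted):
        """Return 'ok', 'wrong', 'locked', 'expired' or 'unknown'."""
        entry = self._pending.get(identifier)
        if entry is None:
            return "unknown"
        tag, expires_at, attempts_left = entry
        if self._clock() >= expires_at:
            del self._pending[identifier]
            return "expired"
        # Constant-time comparison avoids leaking how much of the code matched.
        if hmac.compare_digest(tag, self._tag(identifier, submitted)):
            del self._pending[identifier]      # single use: a replay finds nothing
            return "ok"
        entry[2] = attempts_left - 1
        if entry[2] == 0:
            del self._pending[identifier]      # budget spent: a new code is required
            return "locked"
        return "wrong"
```

These checks limit guessing and replay only; they do nothing about a code that is intercepted in transit or read from a stolen device, and a deployment would also rate-limit `issue()` per identifier.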
Biometrics is often seen as a foolproof way of authenticating a user because it is based on personal identifiers such as fingerprints and retinas that are hard to steal.
Also, science has proved beyond doubt that these are unique, so no two individuals in the world share the same fingerprint or retina, thereby making them unique identifiers.
Other advantages are that these identifiers are non-transferable to others, and they meet the authentication principles of “something a person has and is.”
So, biometrics is touted to be a great alternative to entering passwords, and the added advantage is that it provides a great user experience as well.
From a user’s perspective, the hassles of coming up with a unique combination of words to form a password, remembering the same.
Passwords bring a great deal of frustration: when they don’t work, when you forget them, or when a needed password is removed.
Now, let’s look at a practical implementation of biometrics by a company called SAWO Labs.
SAWO Labs is a startup that has come up with a unique way of implementing biometrics to ease the process of authentication without compromising on security. Its name is an acronym for Secure Authentication Without OTP, and it is aptly named, as it eliminates the need for passwords and OTPs.
In this process, all that a user does is visit the sign-in page and enter the phone number or email ID associated with that application. That’s it. No passwords.
SAWO uses your phone lock as the biometric attribute to verify your identity and, accordingly, authenticates you into the app.
Some of the advantages that come with SAWO’s authentication model are:
No complicated passwords to create or remember
No possibility for hacking the SMS messages sent to your phone
An easy authentication process that scores high on user experience
An extremely secure way to authenticate users
The entire authentication process completes in under one second
Works for all kinds of applications
There have been many cyberattacks in just the last few days around the nation and even in governments. It is time that we all take our company’s security seriously and find a way to keep all of our logins safe.