The popularity of mobile devices increases every day. Smartphones, tablet computers, smart watches: today these lightweight portable ‘mini-computers’ outsell traditional desktops and laptops.
This trend is set by the rhythm of modern life, full of flights and journeys, often to the other side of the world. Today, a lot of people don’t work in traditional offices. They can work remotely in comfortable conditions, either at home or while travelling. A small, lightweight mobile device is easy to keep within reach.
In this situation, there is an urgent need for reliable authentication methods to access personal and especially work-related accounts. Thus, the significance of mobile authentication cannot be overstated.
It is worth noting that mobile authentication can denote two different things:
- User authentication as the owner of the smartphone or tablet.
- User authentication in any service that supports two-factor authentication (2FA), using the smartphone as a token (a mobile authenticator).
Let us consider the second option in more detail as the more versatile and interesting one.
The two-factor authentication process generally consists of two stages. First, you enter the ordinary reusable password assigned to you on a particular website, and the system checks the entered combination of symbols against the one stored in its database.
If the first check is successful, the second step of user authentication follows, which finally confirms the right to enter the account. Usually, the system requires a one-time password (OTP), which can be delivered to the user in different ways.
It is at this second stage of two-factor authentication that mobile gadgets can provide invaluable help.
Mobile authentication in 2FA
1. Getting a one-time password by SMS.
When logging in on a desktop computer or laptop, the user confirms their identity by entering the one-time password sent by SMS. SMS authentication is considered very convenient because the user doesn’t have to do anything to get the password. There is no need to go to the bank or post office to pick up an additional authentication device, a hardware token. There is not even a need to install any special software: the SMS function is built into every phone. The user needs nothing but a cell phone, a thing that almost everyone has today.
But as you know, every coin has two sides, and this authentication method is no exception. The fact is that mobile communication channels are protected rather weakly, and theoretically fraudsters can connect to them and intercept the one-time password. Besides, the signal quality may be low. This means the SMS can arrive too late, and the one-time password, valid only for a short time, becomes useless.
2. The smartphone as a one-time password generator.
There are more modern and reliable ways to get a one-time password. For example, a special program that generates one-time passwords may be installed on the smartphone. This turns the device into a full OTP token, or mobile authenticator. Developers have created several applications of this type, suitable for a variety of mobile operating systems. Protectimus also has one, called Protectimus Smart. It can be installed for free on Android and iOS smartphones, as well as on Android Wear smart watches. The software token has a fairly wide range of settings. You can select the length of the generated one-time password or the algorithm used to generate it. Besides, it supports the CWYS (Confirm What You See) data signature function.
However, mobile authentication can also have a weak point: the imperfect data protection of mobile operating systems. Moreover, while iOS was once considered almost invulnerable to viruses and hacking, today hackers have reached even Steve Jobs’ brainchild: experts have confirmed the presence of loopholes in iOS protection. As for Android, its vulnerabilities became known long ago.
Despite some shortcomings, mobile authentication is convenient for users, primarily because it does not require any additional devices for authentication. It must be acknowledged that the numerous advantages of the mobile authentication method offset its shortcomings.