It may seem that each of us is interested in keeping confidential data (passwords, payment cards, addresses, and other personal information) from becoming public on the web, especially from people who look for such information for fraudulent purposes in order to deliberately inflict moral or material damage.
The ways to avoid an invasion of privacy are already known. One of the most accessible is two-factor authentication. But… people do not always enable this option on their accounts.
Are only laziness and negligence to blame?
Let’s imagine that every time you log in to Facebook or Instagram you have to wait until the SMS with a one-time password arrives or the token generates one. After that, you still need to enter the password. For each account separately! How much time will you need just to browse the news and messages from friends? And we should remember that an average Internet user, as a rule, is registered on many social networks. That is why users have to choose between simplicity and security, and the choice is often not in favor of the latter.
Let us recall what happens when we try to open a mailbox from another computer or from another browser on the same device. If the account is protected only by a simple password, the system will require it to be entered, and sometimes you will also need to answer a secret question. Google will even send a message about a suspicious sign-in.
Smart identification at work
A smart identification system keeps a record of certain parameters, and if one or more of them deviate from the usual ‘course of events’, it requests additional confirmation of the user’s identity. With two-factor authentication, that confirmation is a one-time password.
If the analysis of the behavioral factors shows the user’s typical behavior, the login is automatic.
Smart identification is based on behavioral characteristics that are relatively constant for each user.
The parameters monitored by the system can include the following:
- name and version of the browser, the list of plug-ins installed in it;
- IP address, location of the computer, the input language;
- typical session time, a list of opened tabs and other behavioral characteristics of a user.
Modern authentication technology easily adjusts to each client: more or fewer parameters can be taken into account during the analysis.
This is reasonable, since each company that uses two-step verification has its own security requirements. For forums, mail services, or ordinary corporate sites it is enough to track behavioral factors and request the one-time password only when the user’s behavior deviates from the usual pattern. However, for banks and other companies involved in transferring money over the network, such ‘loyalty’ is hardly acceptable, and it is better to request a one-time password for each transaction.
A characteristic feature of the Protectimus 2FA service is the ability to customize the conditions under which the system will require additional confirmation. In Protectimus the list of tracked behavioral characteristics includes not only the model and version of the browser, but also many other factors such as:
- color depth and resolution of the screen;
- plug-ins installed in the browser, presence or absence of Java;
- operating system and language;
- IP address.
Which of these factors are taken into account, if any, is up to the customer.
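The decision described above can be sketched as follows. This is an added example, not Protectimus code: the factor names, the `Policy` shape, and the sample values are assumptions made for illustration. It compares the current login against the stored profile on the factors the customer selected, and asks for the one-time password on any deviation, on a first login, or always for a bank-style policy.

```python
# Added example; factor names and policy shape are assumptions, not a vendor API.
from dataclasses import dataclass

# Factors the article lists as trackable; the customer picks a subset.
KNOWN_FACTORS = {"browser", "plugins", "java", "os", "language", "screen", "ip"}

@dataclass(frozen=True)
class Policy:
    tracked: frozenset            # factors the customer chose to compare
    always_otp: bool = False      # e.g. a bank asking for an OTP every time

    def __post_init__(self):
        unknown = set(self.tracked) - KNOWN_FACTORS
        if unknown:
            raise ValueError(f"unknown factors: {sorted(unknown)}")

def _normalise(factor, value):
    # Plug-in lists are compared as sets so ordering differences do not count.
    if factor == "plugins" and value is not None:
        return frozenset(value)
    return value

def deviations(profile, current, policy):
    """Return the sorted list of tracked factors that differ from the profile."""
    changed = []
    for factor in policy.tracked:
        seen = _normalise(factor, current.get(factor))
        usual = _normalise(factor, profile.get(factor))
        # A factor the client did not report is treated as a deviation.
        if seen is None or seen != usual:
            changed.append(factor)
    return sorted(changed)

def needs_otp(profile, current, policy):
    """Return (ask_for_otp, deviating_factors) for this login attempt."""
    if policy.always_otp or profile is None:   # None: no stored profile yet
        return True, []
    changed = deviations(profile, current, policy)
    return bool(changed), changed

# Constructed sample data (documentation IP range, made-up browser values).
PROFILE = {"browser": "Firefox 115", "plugins": ["pdf", "widevine"],
           "java": False, "os": "Windows 10", "language": "en-US",
           "screen": "1920x1080x24", "ip": "203.0.113.7"}
FORUM = Policy(tracked=frozenset({"browser", "os", "ip"}))
BANK = Policy(tracked=frozenset(KNOWN_FACTORS), always_otp=True)
```

Returning the list of deviating factors alongside the decision lets the service log why a step-up was requested, which helps when tuning the tracked set.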
It seems obvious that this method of two-factor authentication is flexible and convenient both for the company using it on its website and for the users visiting it.