Mitigate cybersecurity threats with MFA
Massive data breaches affect the security of billions of people worldwide, and access control has become a global issue that demands continual progress and collaboration between defense practices. Authentication, as a means of protecting account security, is part of this. In this blog post, we review how typing biometrics used for Multi-Factor Authentication (MFA) is a frictionless and affordable online privacy protection method.
Strong Customer Authentication (SCA) requires MFA
Compliance regulations (EBA/PSD2, NIST, PCI DSS) enforce strong customer authentication to protect users online. It implies that during login, in addition to the password, users should undergo a second authentication measure (2FA). A multi-factor authentication (MFA) framework combines two or more different types of authenticators. All of them are used with security in mind, but they differ significantly.
Evaluating available MFA solutions (knowledge, possession, inherence)
We should evaluate these factors based on the level of security they provide, the cost to the business, and how they affect the user experience (UX). There are three main categories of identity evidence that can be applied. These categories are based on one of the following elements:
- knowledge (something we know, such as passwords or answers to secret questions)
- possession (something we have, like email or SMS codes, or OTP)
- inherence (something we are, that is, biometrics)
Knowledge-Based Authentication (KBA) is quickly becoming irrelevant with more than 81% of confirmed data breaches being attributed to weak, default or stolen passwords. Therefore, PINs and passwords are not strong enough. If passwords are too complex, people might forget them, and if they are too basic, they are easily guessable. Using “something we know”, like answers to secret questions, is also less reliable because answers can be found online or stolen through social engineering such as spear phishing, baiting, and pretexting.
Similarly, possession-based authenticators such as one-time passwords or SMS verification are vulnerable security measures. In a SIM swap, hackers use personal information found online to convince a telecommunications company to move a user’s phone number to a phone they control. Moreover, the National Institute of Standards and Technology no longer recommends SMS for 2FA, as it can be easily intercepted.
Most biometrics, also known as “what we are” metrics, such as fingerprint, voice or face recognition, only appear to be secure. Closer scrutiny shows that they can be hacked relatively easily. For example, our voices are easily recorded, and we leave fingerprints everywhere we go. Even when it comes to face recognition, our faces are revealed to CCTVs whenever we look around. Besides being easy to spoof, most biometrics require additional hardware, implying higher costs for businesses.
What is typing biometrics?
Typing biometrics captures and records people’s unique typing behavior and transforms it into patterns, then leverages machine learning to build a user’s profile. Each new typing pattern is matched against previous samples. During login, when end-users type their credentials, the system returns a matching score that verifies their identity.
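The capture, profile and matching-score steps described above, as an added example that is not the vendor's code or algorithm: it uses a simple scaled Manhattan distance over dwell and flight times as a stand-in for the machine-learning matcher. All function names, the threshold and the timings are assumptions constructed for illustration.

```python
from statistics import mean, pstdev

def make_events(text, dwells, flights):
    """Constructed input helper: (key, press_ms, release_ms) per keystroke."""
    t, out = 0, []
    for i, ch in enumerate(text):
        out.append((ch, t, t + dwells[i]))
        if i < len(flights):
            t += dwells[i] + flights[i]  # next press = release + flight gap
    return out

def features(events):
    """Dwell time of each key, then flight time between consecutive keys."""
    dwell = [rel - press for _, press, rel in events]
    flight = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    return dwell + flight

def enroll(samples):
    """Profile = per-feature (mean, spread) across the enrollment samples."""
    columns = zip(*(features(s) for s in samples))
    # Floor the spread at 1 ms so a very consistent typist never divides by 0.
    return [(mean(c), max(pstdev(c), 1.0)) for c in columns]

def score(profile, events):
    """Scaled Manhattan distance mapped into (0, 1]; higher is a closer match."""
    vec = features(events)
    if len(vec) != len(profile):
        return 0.0  # typed text differs in length from the enrolled text
    dist = mean(abs(x - m) / s for x, (m, s) in zip(vec, profile))
    return 1.0 / (1.0 + dist)

def verify(profile, events, threshold=0.5):
    """Raise the threshold for stricter matching, lower it for fewer rejects."""
    return score(profile, events) >= threshold

# Constructed timings (milliseconds) for the same 4-character text.
TEXT = "pass"
PROFILE = enroll([
    make_events(TEXT, [90, 100, 95, 105], [60, 70, 65]),
    make_events(TEXT, [95, 105, 90, 100], [65, 75, 60]),
    make_events(TEXT, [85, 95, 100, 110], [55, 65, 70]),
])
GENUINE = make_events(TEXT, [92, 98, 96, 103], [62, 68, 66])
IMPOSTOR = make_events(TEXT, [140, 60, 150, 70], [120, 20, 130])

if __name__ == "__main__":
    for name, sample in (("genuine", GENUINE), ("impostor", IMPOSTOR)):
        print(name, round(score(PROFILE, sample), 3), verify(PROFILE, sample))
```

With the stricter `threshold=0.8` the genuine sample is rejected as well, which is the security-versus-false-reject trade-off that any sensitivity setting on a matcher controls.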
Typing biometrics complements MFA in a user-friendly and secure way
Typing biometrics is a great alternative for authentication. As a frictionless additional security layer, it maximizes security by using the unique user typing pattern which is almost impossible to replicate. Spoofing can’t perfectly emulate the way someone types, so typing biometrics minimizes the risk of data breaches.
Typing biometrics also drastically reduces costs: it requires only an existing keyboard and incurs no maintenance costs, as typing behavior rarely changes.
The issue of user-friendliness is also minimized. Typing biometrics doesn’t require the user to take any additional steps to authenticate beyond typing a short text, usually their credentials, which prevents unauthorized account access from the start in a frictionless and passive manner.
Typing biometrics is a reliable and noteworthy option for MFA
- Delivers high security
- Prevents unauthorized access to a user’s account
- Is very difficult to spoof as typing patterns are unique
- Customizes the sensitivity rate of the matching algorithms to meet security requirements
- Complies with regulations – EBA/PSD2, NIST, PCI DSS
- Quickly integrates with other systems, using only an existing keyboard
- No SMS/email costs
- No maintenance costs
- No supervision required, as typing patterns can’t be lost or forgotten
- No hardware costs – no scanners, gadgets or tokens
- Able to be easily scaled
- Reduces friction
- Used as 2FA with email/OTP
- No extra effort for the user – using the same device for MFA
- Provides seamless user enrollment – works in the background
- Works with low bandwidth internet
- Works on both mobile and desktop