Understanding Secure Authentication Methods

Different approaches to secure authentication relate to user security and accessibility. Each approach has its advantages and disadvantages, but the key is to find and provide the right balance between secure authentication methods.

Knowledge-Based Authentication (KBA)

Knowledge-based authentication (KBA) is the most common form of security measure. This typically consists of a username and password at the most basic level with additional questions often supplementing this basic data. These are supposed to be things that you would know but others wouldn’t, such as your mother’s maiden name, your high school mascot or the street you lived on as a child.

A stranger wouldn’t know the answer to any of those questions off the top of their head. However, the utility and security of knowledge-based authentication apps seem to have an inverse relationship with the amount of data available on the internet. The more data that becomes available, the less secure KBAs are.

Thanks to social media, aggregated consumer information databases, and a host of other services that live on a cloud platform (e.g. Ancestry.com), finding out basic details about virtually anyone is a few keystrokes away. Even the most secure database with 256-bit encryption can’t do anything about a malicious user who correctly guesses another person’s credentials.

Relying solely on KBA security is like putting a bowl of candy on your front porch for Halloween with a sign that says “Take 1” and hoping everyone complies. Sure, most kids will abide by your request, but there could be a high schooler who dumps the entire bowl into their pillowcase, then moves on to the next house.


Two-Factor Authentication

The thinking behind two-factor authentication is that you have a physical item that serves to verify your identity. This can take many forms such as a computer, tablet or a mobile phone. Whatever it is, it must be an item that is unique to a specific individual.

Items that possess USB, RFID or Bluetooth connectivity can generate dynamic keys that a user needs to enter, in addition to login credentials, to gain access to information. Pairing such a possession-based factor with another type of authentication (e.g. knowledge-based authentication or voice biometrics) is what makes the scheme two-factor authentication: two different measures must be met before access is granted. For example, some companies issue key fobs to employees, but this can be expensive when it comes to managing and tracking all of the devices and users.

The ease and accessibility of mobile phones have made this a bit easier, especially as companies convert to bring your own device (BYOD) practices. Instead of employees relying on a key fob that stores cryptographic information to gain access, it is possible for the company’s security system to send a message to the employee’s smartphone. Then, the employee enters a confirmation code before proceeding with entry.

No matter what type of device is used for secure authentication, there remains the possibility of loss or theft of a device. This is another drawback of relying on a physical token for secure authentication and security purposes.

Physical and Voice Biometric Authentication

Our biology is the most unique differentiator on an individual level. No one has the same fingerprints, voice pattern or retinal scans. All three of these anatomical features are unique to each person and can be used for secure biometric authentication. Not only does biological uniqueness make biometric authentication more secure, but there is no need to memorize credentials or carry a device. 

Just as technological advances have made device-based authentication easier with mobile phones, they have also made biometric authentication more accurate and reliable.

If biometric data is stolen, it is much more difficult for people with malicious intent to use this data. It’s not like in the movies where the bad guy cuts off a hand and puts it on the scanner, or makes a fake contact lens to fool the eye scanner. The sensors that power these types of interfaces are designed to detect fakes. Even voice biometrics software, which can be easily deployed over the phone, can detect impersonators, recordings or synthetic voices.

Voice biometrics technology verifies the identity of a speaker. It’s also known as voice recognition, speaker recognition, voice printing and voice authentication. At Plum Voice, we call this group of technologies “voice biometrics” in general.


Authentication Methods for Companies

With three distinct approaches to security and multi-factor authentication, which method should a company choose? While resources undoubtedly contribute to this type of decision, most companies already employ some sort of knowledge-based authentication. It’s what people know and are accustomed to. This may seem adequate in presenting security and trust, even with additional KBA security questions to serve as backup, but more can be done.

Multi-Factor Authentication

To earn users’ trust when it comes to security, companies should implement two- or multi-factor authentication. The latter could include multiple forms of biometric authentication in addition to KBA or object-based security measures. This augments the KBAs that already exist with a combination of what you have or what you are. The more distinct types of authentication that are required, the more secure the system is.
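The two ideas above, the confirmation code sent to an employee’s smartphone (from the two-factor section) and the requirement that a login combine distinct factor types, as an added example that is not Plum Voice’s code. It assumes a server-held secret, a five-minute code lifetime, a five-guess budget, and an in-memory dictionary as the pending-code store; the `login_satisfied` check treats a password plus a security question as a single knowledge factor.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

KNOWLEDGE, POSSESSION, INHERENCE = "knowledge", "possession", "inherence"
CODE_TTL_SECONDS = 300   # confirmation code lifetime (assumed value)
MAX_ATTEMPTS = 5         # guesses allowed per issued code (assumed value)
# Constructed for this example; a deployment loads it from a secret store.
SERVER_SECRET = secrets.token_bytes(32)

@dataclass
class PendingCode:
    digest: bytes      # keyed hash of the code, never the code itself
    expires_at: float
    attempts: int = 0

def _digest(user, code):
    # Keyed hash so a leaked store does not reveal live codes.
    return hmac.new(SERVER_SECRET, f"{user}:{code}".encode(), hashlib.sha256).digest()

def issue_code(store, user, now, length=6):
    """Create a one-time numeric code for delivery to the user's phone; only
    its keyed hash and expiry are stored. Returned so the caller can send it."""
    code = "".join(secrets.choice("0123456789") for _ in range(length))
    store[user] = PendingCode(_digest(user, code), now + CODE_TTL_SECONDS)
    return code

def verify_code(store, user, submitted, now):
    """Reject unknown users, expired codes and codes whose guess budget is
    spent; compare in constant time; a correct code is consumed (single use)."""
    pending = store.get(user)
    if pending is None:
        return False
    if now > pending.expires_at or pending.attempts >= MAX_ATTEMPTS:
        del store[user]
        return False
    pending.attempts += 1
    ok = hmac.compare_digest(pending.digest, _digest(user, submitted))
    if ok:
        del store[user]
    return ok

def login_satisfied(factors):
    """factors: list of (category, passed). All checks must pass and span at
    least two categories: a password plus a security question are both
    knowledge factors, so together they are still a single factor."""
    if not factors or not all(passed for _, passed in factors):
        return False
    return len({category for category, _ in factors}) >= 2
```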

Migrating to Two-Factor Authentication

How do you know when it makes sense to make the move to two-factor authentication? As an example, start with any entity that deals with medical or financial data. These types of data are the most frequently targeted and the most valuable on the black market; therefore, they should be placed high on the list of data to protect because they contain your most personal and private information. When stolen, they have the potential to cause the greatest amount of damage to your reputation and financial status.

Social Media Two-Factor Authentication

Next, let’s look at social media platforms such as Facebook, Twitter, Instagram and other large data aggregators. These are the most common sources that criminals mine to subvert your KBA credentials. Setting up two-factor authentication for account access is a good idea on these platforms. 

Businesses should apply the same logic to any software or platforms that they access through cloud service providers. They should also scrutinize the security practices of their associates and vendors who may be accessing their portals or domains. Holding others to the same high standards for security as your own business creates a secure environment in which all users can be trusted.

Plum Voice Authentication Solutions

Our secure cloud infrastructure, paired with our PCI-DSS, SOC 2 and HIPAA compliance, provides developers and users with reliable security when using our toolkit. Plum Voice has helped numerous financial, insurance and healthcare clients protect their data while giving them an easy-to-use, low-code platform.