How to Implement a More Secure Identity Authentication Solution (Part 3)
In my previous articles, I talked about why businesses and consumers must rethink their password-protection strategy and the alternative methods of identity authentication available. Now here’s how Verizon approaches the issue.
Patrick Coomans, Sr Identity Strategist, Verizon
Verizon offers a managed service called Universal Identity Services that provides secure authentication and, most importantly, convenience. Users can opt for one or more methods to authenticate, including SMS, Interactive Voice Response, hard token and soft token. Customers can also access the soft token as an app on their smartphone, tablet or computer.
The latest addition is authentication using a quick response (QR) code. In addition to offering traditional two-factor authentication, participating websites can also show a dynamic QR code on the login screen. All the user has to do is scan the QR code with a smartphone using the Verizon Universal ID mobile app. The app then shows the user an accept/decline pop-up (with website branding) to confirm or cancel the login. This helps reduce the risk of phishing and provides an out-of-band authentication mechanism.
Depending on the website’s required authentication strength, this may be all a customer has to do to gain access. However, if an extra factor is needed for higher-value transactions, the app asks users to enter their Universal Identity Services PIN code or password before concluding the transaction.
Note the convenience — logging into the website didn't require the user to type anything at all. The whole transaction (scan > confirm > enter optional PIN/password > done) took place on a smart device.
The bottom line is that many consumer websites haven’t implemented more secure authentication methods because, up until now, the options available have been cumbersome to operate or lacked usability. But as technology continues to advance, it is becoming easier to implement authentication solutions that are easy to use and that won’t deter users from accessing a website’s services. User names and passwords alone are not enough — and there are few reasons why additional complementary authentication methods can’t be brought into play.