NASEC 2021, the Forum & Developers Challenge of Navarra, took place last November 18. It was organized by ATANA, with the sponsorship of Laboral Kutxa, the institutional support of INCIBE and the collaboration of Veridas.
The event took place at the headquarters of the Confederación Empresarial Navarra (CEN) as an initiative to raise awareness among companies in Navarra about the importance of having cybersecurity tools and to recognize and make visible the critical work of the technicians who deal with the security of institutions and companies.
Veridas played an essential part in the event: we were in charge of organizing the Cybersecurity Challenge that we talked about in this blog article, and of the Forum, where Gorka Sanchez, our CISO & Director of Operations, spoke about the new authentication factors and the need to adopt them, leaving a solid conclusion: The security we have, both individuals and companies, is apparent.
In the era of Digital Transformation, we urgently need new authentication factors that allow us to interact with companies and individuals securely, and biometric technology is the perfect ally for achieving this.
At Veridas, we believe that the combination of biometrics and Artificial Intelligence is the only formula that improves security and user experience while allowing companies to optimize costs: what we call the magic triangle of Security, User Experience and Cost Optimization.
Cybersecurity affects us all, as individuals and as businesses
The number of interactions we make digitally is increasing exponentially. Thanks to tremendous advances in technology and connectivity, we increasingly look to reduce the number of procedures that require our physical presence and prefer to do everything remotely. Although this improves the user experience, it has also become a focus of crime: in 2020, the number of cybersecurity-related scams reported in Navarra was 40% higher than in the previous year, reaching 4,000 reported scams.
But these figures affect not only individuals but also entities and companies, and an attack can even destabilize a company and put its future at serious risk, given that the average ransom paid for a cybersecurity attack is around 260 thousand euros.
Despite the above, today 43% of SMEs do not implement a reasonable security base, with the result that in 2020 one out of four companies suffered some cybersecurity-related attack.
For these and other reasons, the market, companies and users are demanding security solutions that put a definitive end to this type of situation. But what is the best way to increase security in user authentication?
Your email, an open secret
The traditional authentication method, a technique that continues to be used in the vast majority of circumstances, consists of providing a username and password to browse and carry out procedures in an authenticated manner on the web. These credentials should only be known by their legitimate owner.
However, given that most Internet systems require e-mail-based registration, this authentication method is becoming insufficient, since the user and password granted become the access “user” for many of the spaces we browse daily. This makes the security of our data in most systems on the Internet the same as the security of our email service.
“Email, which used to be something that only the person you gave it to should know in order to exchange emails, is now an open secret,” said Gorka Sanchez.
Disadvantages of passwords
Passwords are the only barrier that prevents someone from accessing a system. However, they cannot be considered a perfect authentication procedure either, as the method is:
- not secure: we end up re-using the same or very similar, simple or repeated credentials in order to remember them. This dramatically reduces security.
- uncomfortable for the user: among other things, security policies require frequent rotation and the use of complex, non-repeated passwords, which make them difficult to remember.
- ineffective: passwords are easy to breach and sometimes easy to steal, for example through MITM attacks, data breaches of sites with passwords stored in the clear, attacks on passwords, etc.
“Passwords are a factor that we have used a lot as a method of authentication, but it suffers from many problems,” explained Gorka Sanchez.
How to improve your security? Strong authentication: two out of three
Strong authentication, Sanchez said in his speech, is authentication that requires the use of at least two authentication factors (2FA) chosen from among these three groups:
- Knowledge: something the user knows, such as a password or PIN.
  Disadvantage: the security of passwords is deficient, as discussed above.
- Possession: something the user possesses, such as a debit card or a message to a cell phone.
  Disadvantage of OTP-SMS: nowadays, it is not difficult to find cases of identity theft, cloning of user SIMs or messages intercepted by Trojans, among others.
- Inherence: something inherent to the customer, such as the face, voice or fingerprint.
Depending on the operation to be performed, the factors must be combined, with more factors included the higher the risk.
The use of enhanced strong authentication for payments is encouraged by Royal Decree-Law 19/2018, which approved the transposition of Directive (EU) 2015/2366 that made it mandatory to use strong authentication no later than January 1, 2021.
In addition, 2-factor authentication (2FA) meets the requirements of the European PSD2 Regulation, which requires a mechanism designed to strengthen the technical specifications for user identity verification for payment services.
Inherence: the factor that increases security
The clear trend and market demand is the progressive reduction of passwords, with biometric factors (voice or face) postulated as the perfect complement: they are inherent and incapable of being supplanted, which makes them very secure and convenient.
The advantages of biometrics include:
- Privacy: it belongs to you and no one else. It cannot be spoofed, cloned, or intercepted.
- Security: it allows us to move from presumption to certainty. We are sure that the user is who he/she says he/she is, taking into account the previous advantage.
- Voluntary: it is the user who decides whether to make use of it.
Moreover, there is no need for complex technology to make use of biometric factors. “The smartphone we all have in our pocket already carries enough hardware to be able to use them,” explained Gorka Sanchez.
Veridas: technology owners at the forefront
Veridas is a SaaS company that offers solutions to verify people’s real identity in the digital space. We develop solutions so that companies and organizations can solve cybersecurity problems and interact digitally with companies and individuals securely.
“Our mission – explained Sánchez – is to provide technological solutions to companies that allow them to know with certainty who they are interacting with through a digital channel. Therefore, for more than four years, we have been manufacturing our own software that allows us to verify people’s identities so that they can later authenticate themselves in any operation they want to carry out. And we do this by developing our own technologies for facial biometrics, voice biometrics and for global document verification.”
We believe that the combination of biometrics and Artificial Intelligence is the only formula that improves security and user experience while allowing companies to optimize costs: “It is not only security that our customers are interested in. Biometric authentication also has to be convenient to use and cost-effective. This is what we at Veridas call the magic triangle of Security, User Experience and Cost Optimization,” concluded Gorka Sanchez.