User-friendly Symbol-to-Accept provides the same great user experience as Push-to-Accept, while closing critical security gaps
We all know the saying, “You’re only as strong as your weakest link.” It can apply to cybersecurity in countless ways, which is one reason why designing a secure infrastructure requires expertise and the right tools. It only takes one employee to fall for a phishing scam, or one stolen set of credentials to potentially open the door to an attack. And it only takes one vulnerability in an otherwise great authentication workflow to do the same.
Take your typical Push-to-Accept solution, adopted by countless organizations with its ease of use and simplicity. As a form of two-factor protection, it’s designed to make the user take an extra step that authenticates their identity. They log into a protected resource with their username and password, and a notification is sent to their phone. If it’s legitimate, the user hits the ‘Accept’ button. If it’s not, the user hits ‘Deny’.
That’s the theory, anyway. The reality is a little different, which is why SecureAuth has introduced a new, more secure mobile authentication method called Symbol-to-Accept.
As you know, we’re all about empowering organizations to confidently verify identities without disrupting or inconveniencing the user. Symbol-to-Accept helps overcome a significant security gap in all other Push-to-Accept solutions in the market.
Like all smart criminals, attackers understand human nature very well. They know that once someone is conditioned to perform the same action over and over again, it becomes automatic. It stops becoming a thoughtful task requiring active attention, and barely registers in the user’s consciousness. It’s this dynamic that makes Push-to-Accept ripe for exploiting. The attackers bombard the user with requests until the annoyed user finally hits “Accept” just to make the requests stop.
(Watch as a hacker discusses how he defeated Push-to-Accept in 6 out of 6 attempts)
Some users may stop and think, “Wait, I’m not doing anything that would launch this request – why did I get it?” But other users will assume it’s a random harmless misfire, or part of a continual authentication process. Some users, absorbed in other tasks, will simply click through it without thinking. In every case, these users usher attackers with valid credentials right through the front door.
And just like that, the two-factor solution has been defeated.
Symbol-to-Accept: A Smarter Form of Two-Factor Authentication
A unique patent-pending technology, Symbol-to-Accept offers the same great user experience, but erases that dangerous security gap. How? By requiring a more thoughtful action, the way two-factor authentication is actually intended to work. Let’s take a look.
With Symbol-to-Accept, the user once again must respond to a request for authentication. This time, though, they’re not merely asked to hit an ‘Accept’ or ‘Deny’ button. Instead they’re asked to validate their identity by selecting a symbol or letter on their mobile device that matches the one shown on their browser. For instance, the user is shown the “Z” on the computer screen. The mobile application presents four random symbols or letters and asks the user to press the corresponding one.
This technique requires a cognitive step that forces the user out of any habit or conditioning. By being asked to match the symbols or images on different devices, the user cannot unwittingly comply with a fraudulent request. They must know what to choose – and if they can’t, they are alerted to realize that the request is unsolicited and may signify their credentials have been stolen.
Another Step into the Future of Security
Going passwordless is increasingly becoming a bigger part of the cybersecurity conversation and Symbol-to-Accept represents an important innovation in that space. Human behavior has always been an ongoing weakness in security, but the right technology can help overcome that weakness. Symbol-to-Accept provides an efficient, user-friendly authentication technique which, partnered with SecureAuth’s adaptive authentication controls, can strengthen your security and stop attacks - without introducing additional complexities.
It’s been a busy year for us at SecureAuth in terms of new innovations. But we’re not done yet! 2017 is going to bring even more developments, so keep an eye on our announcements – and take advantage of Symbol-To-Accept to close the security gaps in your organization. Contact Us to talk to our security experts today.