The news is full of stories about how money and personal data have fallen victim to hackers. In fact, some estimates predict that cybercrime will cost $6 trillion by 2021. Luckily, there are some easy ways to give your online life a security boost.
One of the simplest and most effective ways is to activate two-factor authentication (2FA) wherever possible.
The most common types of 2FA
SMS/Email
Pros
- Easy to use
- Most people have a smartphone/email
- Free
Cons
- Easy to hack (e.g. SIM swapping)
- Doesn’t work offline or without service
Most websites/services have this option available
Time-Based One-Time Password (TOTP)
Pros
- Hard to hack
- Smartphone based
- Recoverable using codes
- Free
Cons
- Limited time to input the code
- Only as secure as the database where plaintext codes are stored
- Lose your device and all accounts have to be reset.
- Recovery requires multiple codes.
- Easy to phish
Example: Google Auth or Authy
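To make the TOTP trade-offs listed above concrete, here is an added example (not from the original article and not any vendor's code) that computes and verifies codes as specified in RFC 6238. The key is the RFC's published test key, and `verify`, its drift window and its replay set are illustrative assumptions about how a server might check codes.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # code length shown by most authenticator apps

def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: HOTP over the time-step counter."""
    counter = struct.pack(">Q", unix_time // step)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret: bytes, submitted: str, unix_time: int,
           used_counters: set, drift_steps: int = 1) -> bool:
    """Hypothetical server-side check: accept the current step +/- drift,
    and refuse a code whose time step has already been consumed."""
    now = unix_time // STEP
    for c in range(now - drift_steps, now + drift_steps + 1):
        # The server recomputes the code from the SAME secret the phone holds,
        # so whoever can read the stored secret can generate valid codes.
        if hmac.compare_digest(totp(secret, c * STEP), submitted):
            if c in used_counters:
                return False  # replay within the validity window
            used_counters.add(c)
            return True
    return False

if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 6238 test key, not a real account
    used = set()
    code = totp(secret, 59)
    print("code at t=59:", code)
    # verify() sees only the digits; nothing ties them to the site the user
    # typed them into, which is why a relayed code is still accepted.
    print("accepted at t=80:", verify(secret, code, 80, used))
    print("replayed at t=80:", verify(secret, code, 80, used))
    print("accepted at t=200:", verify(secret, code, 200, set()))
```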
Universal 2nd Factor (U2F)
Pros
- Very secure
- No time limit
Cons
- Expensive – around $50 for a key
- Not in widespread use
- Lose your key and you have to buy a new one and reset all accounts
Numio Authenticator
At Numio we have developed a new type of authentication, one that doesn’t require codes, is encrypted at every stage and can do more than just secure user accounts.
Pros
- Easy to use
- Instant
- Public-Key Cryptography
- No codes
- Secure from hacking and phishing
- Simple recovery for all accounts
- Smartphone based
- Free
- Linked to on-device biometrics*
Cons
- No current widespread use
How does Numio Authenticator work?
Although it may not seem so when using Numio products, the Numio Authenticator background process is rather sophisticated. Not only that, but it is pretty groundbreaking, so it would be rather silly for us to give away the secret sauce.
So to explain how it works we have put together the simplest description possible, using a cryptocurrency exchange as an example…
- Authentication starts as soon as you request access to an exchange. The website requests an access code from Numio and then displays it as a QR code.
- You open up the Numio app and scan the QR code.
- Then you are shown the relevant information in the app and are asked, “Do you want to share your information with ‘ExchangeName’ so that you can log in? Confirm this with fingerprint/Face ID or PIN.”
- If you give permission to share your data with the exchange, then this information is encrypted, in-app, with public/private key cryptography into a neat little package.
- Your app sends the package to the exchange, which then forwards it to the account holder’s registered Numio ID.
- At this point your app will process the encrypted return message and verify that it is an authentic login attempt.
- If the request is authentic the app sends a success response to the exchange and you are granted access. If it’s not, then the response of a failed attempt is communicated and you are denied access.
For the user this is all done instantly at the touch of a button. It couldn’t be easier.
Want to learn more?
If you are interested in integrating Numio tech into your platform, having a demo, or simply want a chat with our devs, then please contact us at hello@numio.one or via one of the following channels.