Are Usernames, Passwords and SMS-based Two-Factor Authentication Now Outdated?
This guest post was contributed by Lucy Appleby. If you would like to be featured on the Civic blog, please contact us with an article topic or draft proposal. Nothing in this article consitutes investment advice, nor does it imply endorsement by Civic for Token Generation Events or ICOs.
Usernames and passwords are not the be-all and end-all of online security. In fact, they’re not even that good at what they’re supposed to do to begin with because there are a lot of ways to get around them, especially for seasoned hackers. This is most likely the reason why companies like Google and Facebook started asking their users for a mobile number where their servers could send verification codes in case of suspicious account-related activities or requests. Unfortunately, this method of two-factor authentication via SMS isn’t as secure as everyone originally thought, either.
The good news is that biometric methods of identity verification have become much more accessible to the average user in recent years and trust networks are spearheading the evolution of identity verification.
First up: biometrics. Just a decade ago, devices like iris scanners were only used in facilities that required high levels of security. Nowadays, however, biometric technologies have become so readily available that they are being used for simple everyday tasks like unlocking smartphones and other mobile devices. This, in turn, has made usernames, passwords and SMS-based two-factor authentication much less useful than they were before.
A more recent addition to the mix, trust networks like the one used by Civic, on the other hand, are groups of interconnected identity-verified users, identity data verifiers and identity data requesters. Their main goal is to significantly reduce the risk of online identity theft and scams by only allowing verified users to participate in the network. Add that with a token behavior model governing the ecosystem and it becomes virtually impossible for members to dupe one another.
Take initial coin offering (ICO) scams, for example. By choosing to participate in token generation events or ICOs that belong to a network of trusted parties, you could reduce your risk of falling for one. After all, a scammy token offering is less likely to go through KYC processes and work with trusted 3rd parties.
Aside from verifying the identity of ecosystem members, companies like Civic are also using blockchain technology to better secure user data. By leveraging the cryptographic capabilities of blockchains and locally stored data on user devices protected with biometrics, the technology makes it extremely difficult for external parties to gain access to, make sense of and manipulate anything worthwhile.
A better way to get verified
At the end of the day, both biometrics and trust networks like Civic’s present a more secure and convenient alternative to traditional identity verification methods. They pretty much do everything that usernames, passwords and SMS-based two-factor authentication can do, but without all the security risks. And, considering how much more accessible these new technologies are becoming, it’s only a matter of time before they become the new standards in online security.