What is the preferred authentication method?

In recent years being able to prove who you are has become more important. Companies and online services need verification and use different methods for you to do so. We started with increasingly complex passwords, but more and more are looking at 2-factor-authentication, or even multi-factor-authentication. But what method is actually preferred, both from a security and user-experience perspective?

Having passwords that are so complex that you can’t even remember them yourself has lately proven to be a rather poor method of securing your online accounts. Bill Burr, the former manager at National Institute of Standards and Technology (NIST), created the password-guide that is used today to find a secure password. The problem is that the guide was produced in 2003, and Burr now says that he didn’t really understand how passwords worked during the time. The guide that is being used today actually doesn’t ensure safe passwords. A better method of creating safe passwords is to put together three or four unrelated words, resulting in a longer password without being unreasonably difficult to remember.

But having just a password to verify your identity has proven to be insufficient, just look at the Heartbleed bug a few years ago where thousands of passwords were leaked. Through the years there have been several reports where passwords have been compromised by hacks or simple errors. So, in order to stay safe, there should be some other method of proving you are really you.

The answer has come in the form of 2-factor authentication, where you use your password to login to an online account, and then get prompted on a different device (often your mobile phone) to authenticate that you are attempting to log in to that account. This ensures that you are really you, or at least in theory. Many started using text messaging to send a passcode that you entered to verify the login. But lately there have been numerous reports of such text-messages being redirected to a different phone, and thus the authentication process is yet again insecure.

Many companies, such as Google, have therefore created their own app that ensures that the verification code is only sent to that specific phone. In countries such as Sweden, the banks have joined forces and created a Bank-ID that is linked to the citizen’s personal identification number. The problem with these is that they do not work globally or universally across platforms. In Google’s case, the service provider must then use Googles authentication, and thus their login-system, something that might be undesirable for many service providers. In the case of the Swedish Bank-ID, you must have a Swedish personal number and also have a Swedish bank account.

In other cases, the verification process often requires several steps, which then becomes a hassle for the user. This reduces the willingness to use the verification system. Since people tend to use the path of least resistance, the user experience must be at the centre of the system. If the process of logging in to your account isn’t easy, then you will probably use a less secure method instead.

With Covr, you can offer your users a safe way of authenticating themselves and authorizing transactions via an app on their smartphones
With Covr, you can offer your users a safe way of authenticating themselves and authorizing transactions via an app on their smartphones

Developing a universal and global multi-authentication system that is secure and easy to use is, therefore, something that is desired and urgent. Luckily, we are now seeing several such systems being developed, and the one that is currently leading the charge towards secure and easy online verification is Covr Security. They are a Swedish company that has used the experiences from the Swedish Bank-ID to create a system that is non-affiliated to a vendor with their own agenda and works around the globe. The system is easy to use, easy to implement and ensures the highest level of security. Simply put, it offers all that you could ask for in a multi-factor authentication system.

Covr visits Israel to learn from their very active start-up scene

If you would list the three main start-up scenes in the world that produce more Unicorns (+1 Bn USD companies) than any other, you would probably mention Silicon Valley, Sweden, and Israel. So, for a start-up tech-company in Sweden, it makes perfect sense to visit one of these hubs to learn from their experiences. In the next week Covr is doing just that, and the reason? To make smarter decisions and better business in a global market!

In today’s interconnected world, networking is one of the primary skills you need to master. Both companies and business gurus talk more about collaboration than competition, and as a company, in a small market, you quickly need to expand your network on an international market. Covr is, therefore, taking a trip to Israel to exchange ideas, get inspiration and gain insight into how companies on similar, yet somewhat different, markets do things. The Swedish and Israeli market is similar in the sense that they both are too small for a company to make it on that market alone. As a start-up, you must see yourself as a global company from the start, but that also brings a lot of new obstacles and challenges. To then take the opportunity to learn from others in similar positions is nothing but a smart investment for your future business development.

Peter Alexanderson, Founder of COVR Security, speaks in Tel Aviv Fintech week, 5th of March 2019.

Covr’s networking trip will hopefully generate ideas that will position the company for a rapid, and profitable expansion, as they are gearing up to bring their security solution to the global market. However, there’s a considerable difference between expanding globally with the experience others have already gained, or going at it alone, much like learning how to drive with or without a tutor. Preferably the earlier before the latter.

We look forward to hearing the tales and lessons learned, and above all to see them implemented, as Covr takes identity validation and digital security to the next level for individuals and companies around the globe.