Towards Smartphoneless authentication
Smartphones have long been recommended for the convenience they offer, and there's no denying their tremendous impact on the user experience. As part of a multi-factor authentication solution, while they may be a popular choice, experience has shown that they may not be the most secure way to protect your systems and data. Let's take a closer look at Smartphoneless.
In 2021, cyberattacks reached a record high and a new attack is reported every 39 seconds¹. It's now more than clear that complacency is no longer an option. if you want to stay ahead of the curve when it comes to cybersecurity. So why move away from mobile authentication and move to Smartphoneless?
What are the challenges regarding mobile authentication?
Challenge #1: Mobile Authentication requires you to have, or provide, a mobile phone
First things first, Mobile Authentication requires users to have a smartphone. So for end-customer authentication, it’s not always a suitable option as they don't all have a compatible smartphone. As for employee and partner authentication, companies are increasingly resisting the provision of smartphones – aiming to reduce costs and logistics issues.
Challenge 2: Mobile authentication is vulnerable to certain cyber attacks
Many concerns have been expressed about the risk of compromising mobile devices. When authenticating via SMS OTP, there is a risk of information recovery via SMiShing (SMS phishing attack). As for authenticating via Authenticator app, there is a tendency to forget about fatigue attacks MFA. A cyberattack that tricks users into allowing access to the device due to an overload of push notifications.
In 2020, SMS phishing attacks (SMiShing) increased by 37%. And depending on the number of mobile devices, this type of attack can cost up to $150 million².
What is Smartphoneless authentication?
You may be wondering what we mean by smartphoneless authentication. Quite simply, this is a way to verify a user’s identity without recourse to a smartphone. It’s an alternative way to use multi-factor authentication (MFA) when you don’t have, or don’t want to have a smartphone as part of the process to authenticate/login. This can be done combining:
- a knowledge factor (such as a PIN) or an inherence factor (such as a fingerprint),
- with a possession factor other than a mobile.
Most of the time we think of the desktop token? Still, you'd be surprised to hear that there are other alternatives, like the browser token for example.
Do not overlook the benefits of removing the equipment constraints that comes with the mobile authentication.
Why switch to Smartphoneless authentication? What benefits?
More and more organizations are starting to make the change to smartphoneless authentication because in many instances, the smartphone itself can cause constraints – not just for users, but for developers and integrators as well.
In fact, by allowing users to authenticate and access their apps, network and data without the need of a mobile device there are a number of valuable key benefits:
Unburdens users of the need to rely on a mobile
By not being reliant on a smartphone means you are not tied to a specific and additional equipment other than the device you are trying to log on. Besides, imagine that your mobile ran out of battery, what a disastrous login experience...
Reduce the logistical burden for IT teams
This advantage is particularly important for employee access. Indeed, from an administrative point of view, it implies less logistics to equip and update the users' equipment.
This reduction in workload and equipment requirements results in lower costs for companies.
Protect yourself from targeted attacks
Smartphoneless authentication allows to protect against certain attacks such as SMS phishing (SMiShing) or fatigue attacks MFA performed through mobile push.
Will Smartphoneless authentication become the new standard?
It's not surprising that organizations want to implement changes so that they can reduce their level of risk and improve their business processes.
Gartner predicts that by the end of 2022, digital businesses that offer smooth and easy authentication journeys will have 10% more revenue than their competitors who do not.
One thing is for sure, users will quickly adapt to the freedom of not being tied to their Mobile to be able to connect to their apps and data.
Deviceless or Smartphoneless authentication?
Deviceceless counts + 3 advantages versus Smartphoneless
Deviceless facilitates and secures BYOD ("Bring Your Own Device")
Work habits are changing and more and more personal computers are being used for business purposes. Deviceless removes the security risks associated with BYOD and secures all access to internal applications and networks. No smartphone or business laptop are required, just a browser.
Easy to configure and use
Importantly, this new user authentication method requires no installation and can be deployed on a large scale in a few clicks. A real boon for integrators.
A very good way to provide secure multi-user connections
The same browser can be used by different users who will all have their own authentication. For organizations reliant on shared computers, this is a great benefit, ensuring both a high level of security and the ability to identify each and every user accessing the system.
What technology is behind the Deviceless?
inWebo’s MFA technology has been designed to ensure that even if it is manipulated by third parties, it will be impossible to use: instead of using a simple cryptographic key, as all other MFA solutions do, inWebo has made their keys dynamic and random. A unique and patented technology.
With the browser token, the cryptographic keys are stored in the user's browser rather than on their computer. And these keys change randomly each time the user generates a OTP at the point at which he or she wants to connect to the system.
This way, once the keys have been used, they can’t be used again, so they are completely useless to anyone trying to ‘hack’ the system. Each user identity is protected, and the likelihood of security breaches is drastically reduced, especially as the Browser token is the most secure against phishing attacks.
The future will be Deviceless
We’re all looking for innovative ways to ensure the security of our systems and processes, but we also want to make sure our users have a simple experience.
An authentication process that allows for both of those things, as well as reducing SMS phishing, reducing costs and logistics and is simple to set up and use, certainly seems like something worth investing in.
What is Smartphoneless?
Smartphoneless is a way of authenticating, i.e. verifying a user's identity, without the use of a smartphone. It is an alternative way of using multifactor authentication (MFA).
How to perform a Smartphoneless authentication?
Smartphoneless authentication is done through a MFA using a knowledge factor (PIN) or an inherent factor (fingerprint) combined with a possession factor other than the mobile. Most of the time, smartphonless is done using a desktop or laptop token. But there is also an alternative technology that allows authentication with a browser token.
How to avoid SMS phishing, or "smishing"?
In the case of authentication by OTP SMS, the elimination of the use of cell phones, thanks in particular to Smartphoneless, makes it possible to avoid the risks of phishing attacks by SMS, or "smishing".
Our latest news
The terms "authentication" and "authorization" are fundamental concepts in IAM and CIAM. They form the framework of cybersecurity. Their proximity in meaning and pronunciation...
With the rapid evolution of technology, there is a massive migration of industries and large organizations to the cloud. Almost all resources, data and other entities...
Have you ever heard of MFA prompt bombing? It's the topic of the moment in the cybersecurity field. This technique was recently used against Uber by the famous group of...