Web Blog_blogentry_090217_1


Passwords just Do Not Scale#

We have all heard the Common Password Quality rules:
  • Create unique passwords that use a combination of words, numbers, symbols, and both upper- and lower-case letters.
  • Avoid using the same password at multiple Web sites.
  • and several more..
So say you have 27 passwords, an average Ldapwiki found somewhere; another statistic was that 35% are not using strong enough passwords.

A strong password, which can be generated at passwordsgenerator.net (funny, the site is not secure: no HTTPS), looks like:

So no Human will ever remember such a thing and many "Secure Sites" may not allow some of the characters within the password or not allow 16 characters.

So we need 27 of these passwords for the average person. NOT GOING TO HAPPEN!
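To make the scaling problem concrete, the following added example (not part of the original entry) generates a 16-character password from a CSPRNG and shows what happens when a site bans characters or caps the length. The policy names and banned-character sets are constructed for illustration, and the entropy figure is an upper bound.

```python
import math
import secrets
import string

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def generate(length=16, banned="", max_length=None):
    """Return (password, entropy_upper_bound_bits) for one site's rules."""
    if max_length is not None:
        length = min(length, max_length)      # site refuses longer passwords
    # Drop characters the site rejects; a whole class may vanish.
    pools = [p for p in ("".join(c for c in cls if c not in banned)
                         for cls in CLASSES) if p]
    if not pools or length < len(pools):
        raise ValueError("policy leaves no room for every character class")
    alphabet = "".join(pools)
    while True:
        # CSPRNG draw; retry until every remaining class is represented.
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in pool for c in pw) for pool in pools):
            return pw, length * math.log2(len(alphabet))

# Constructed site policies (hypothetical, not real sites).
POLICIES = {
    "permissive": {},
    "no-symbols": {"banned": string.punctuation},
    "max-12-no-quotes": {"banned": "'\"\\<>&;", "max_length": 12},
}

def vault(n=27):
    """One independent password per account, cycling the sample policies."""
    names = list(POLICIES)
    return [(names[i % len(names)],) + generate(**POLICIES[names[i % len(names)]])
            for i in range(n)]

if __name__ == "__main__":
    for site, pw, bits in vault()[:3]:
        print(f"{site:18} {len(pw):2} chars  <= {bits:5.1f} bits")
```

Generating 27 such strings takes milliseconds; remembering them is the part that does not scale, which is why the output of a generator like this belongs in a password manager rather than in someone's head.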

Generally sites would be better off requiring a password and Multi-Factor Authentication.

Mobile Device and Authentication in Financial Organizations#

Conclusion[1] Americans are spending a growing share of their digital time on mobile. According to recent data released by KPCB, adults in the United States spent 5.6 hours per day on their Mobile Devices in 2015, an amount of time that has grown at a compound annual growth rate of 10.98% since 2008. Financial institutions are scrambling to offer consumers mobile access to their products and services that is comparable to access available via the online Web available through the desktop computer since this is the experience consumers have come to expect. This shift to mobile has placed financial institutions’ security and authentication needs in a state of flux as the FIs experiment with new ways of delivering banking services securely through the mobile channel.

In addition, each financial institution has its own unique view of risk and requires solutions that can be customized to fit its risk management governance model and often individual product risk profiles.

Financial Institutions recognize that they need more sophisticated fraud management and identity verification processes than user ID and passwords alone. Biometric identification through fingerprint, voice, and facial recognition is of growing interest as a way to balance security with improving the user experience. However, biometrics tend to come later in the fraud detection value chain. Early in the process, financial institutions need to be able to balance the need for enhanced risk processes with the all-important customer experience. Creating too much friction in the account acquisition or on-boarding process is noncompetitive, as financial institutions know. What they need is thus multi-layered authentication workflows that allow them to apply rules in a logical manner that prevents unnecessary input or verification steps. Mobile is also opening up new tools to fight fraud, as these devices come with a range of sensors that allow a much deeper understanding of who the user is (i.e., the user’s identity and patterns of behavior). FIs are looking to build capabilities that address this aspect by investing in solutions that leverage geolocation, for example, and other relevant data.

The increased sophistication of cutting-edge software solutions to fight fraud brings financial institutions the opportunity to use these tools to build mobile identities with carrier data for their account holders. Creating a more nuanced and complex identity, one that incorporates personal, device-dependent data and location data into a comprehensive view, will allow financial institutions to provide a far more seamless experience for the “good” consumer and allow faster and more effective identification of fraudulent account activity.

Balancing Authentication Simplicity and Security[2]#

When it comes to verification/authentication, the key to keeping the process convenient for the mobile consumer is to ensure that the solution can do the following:
  • Keep the consumer in the mobile channel
  • Take place in near real-time with little lag
  • Require little to no manual data entry from the user
  • Run in the background and remain invisible to the user (as much as possible)
  • Pair with an additional layer of security (e.g. biometrics) for a second factor of authentication
Using these five guidelines for end-user convenience, most organizations can create a mobile authentication process that is both simple and secure.
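A sketch of the layered workflow these guidelines describe, as an added example that is not from the original entry or its cited sources: silent signals are scored first, and the user is asked for a biometric only when that score lands in a middle band. The signal names, weights and thresholds are all hypothetical.

```python
from dataclasses import dataclass

ALLOW, STEP_UP, REVIEW = "allow", "step_up_biometric", "manual_review"
STEP_UP_AT, REVIEW_AT = 30, 70          # hypothetical risk thresholds

@dataclass
class Signals:
    """Collected in the background; nothing here is typed by the user."""
    device_known: bool        # device previously bound to the account
    carrier_match: bool       # carrier data agrees with the account holder
    geo_km_from_usual: float  # distance from the user's usual locations
    amount: float             # value of the requested transaction

def score(s):
    """Layer 1: silent checks. Returns (risk, reasons) with made-up weights."""
    rules = [
        (not s.device_known, 40, "unknown device"),
        (not s.carrier_match, 30, "carrier data mismatch"),
        (s.geo_km_from_usual > 500, 20, "unusual location"),
        (s.amount > 1000, 20, "high value"),
    ]
    hits = [(w, why) for fired, w, why in rules if fired]
    return sum(w for w, _ in hits), [why for _, why in hits]

def decide(s, biometric_ok=None):
    """Layer 2: prompt for a biometric only in the middle risk band."""
    risk, reasons = score(s)
    if risk >= REVIEW_AT:
        return REVIEW, reasons          # a second factor is not enough here
    if risk < STEP_UP_AT:
        return ALLOW, reasons           # invisible to the "good" consumer
    if biometric_ok is None:
        return STEP_UP, reasons         # caller must now collect the biometric
    return (ALLOW if biometric_ok else REVIEW), reasons

if __name__ == "__main__":
    usual = Signals(True, True, 3.0, 50.0)
    new_phone = Signals(False, True, 3.0, 50.0)
    print(decide(usual), decide(new_phone), decide(new_phone, biometric_ok=True))
```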

By creating a secure mobile ID verification process that is also a convenient experience for customers, financial marketers enable customers to move through the buying process more quickly, while at the same time keeping fraudsters out. They are also able to reduce or eliminate costly manual reviews, which in turn, helps keep the overall cost of acquisition and managing customer relationships lower. Further, mobile ID verification/authentication meets Know Your Customer (KYC) and other compliance requirements.

Mobile ID verification can also make the digital account opening process easier on customers and improve the experience by allowing them to stay in the mobile channel for ID verification. This varies from other ID verification methods, in which users would typically need to leave the mobile channel to send a scanned copy of their ID documents to the business through unsecure email or fax channels or even visit the branch office.

It’s important to note that user experience is key for customer acquisition and mobile on-boarding. With a mobile ID verification user experience that is just as quick and easy as mobile users expect, digital marketers are able to improve the customer journey metrics for mobile self-service and boost customer satisfaction.
