Defending your online world

The news is full of stories about how money and personal data has fallen victim to hackers. In fact, some estimates predict that cybercrime will cost $6 trillion by 2021. Luckily there are some easy ways to give your online life a security boost.

One of the most simple and effective ways is to activate Two-factor authentication (2FA) wherever possible. 

The most common types of 2FA

Two-factor authentication is, in general, offered in three different flavours, SMS/Email, Time-Based One-Time Password (TOTP) and Universal 2nd Factor (U2F).

SMS/Email 

Pros

  • Easy to use
  • Most people have a smartphone/email

  • Free

Cons

  • Easy to hack (i.e. sim swapping)

  • Doesn’t work offline or without service

  • Most websites/services have this option available

Time Based One-Time Password (TOTP)

Pros

  • Hard to hack
  • Smartphone based
  • Recoverable using codes
  • Free

Cons

  • Limited time to input the code
  • Only as secure as the database where plaintext codes are stored
  • Lose your device and all accounts have to be reset.
  • Recovery requires multiple codes.
  • Easy to phish

Example: Google Auth or Authy

Universal 2nd Factor (U2F)

 

Pros

  • Very secure

  • No time limit

Cons

  • Expensive – around $50 for a key
  • Not in widespread use

  • Lose your key and you have to buy a new one and reset all accounts

Example: Yubico

Numio Authenticator

At Numio we have developed a new type of authentication, one that doesn’t require codes, is encrypted at every stage and can do more than just secure user accounts. 

Pros

  • Easy to use 
  • Instant
  • Public-Key Cryptography
  • No codes
  • Secure from hacking and phishing
  • Simple recovery for all accounts
  • Smartphone based
  • Free
  • Linked to on-device biometrics* 
 
Cons
  • No current widespread use
 
*Numio biometrics is done in app and is never tied to any photos.

How does Numio Authenticator work?

Unlike how it may seem when using Numio products, the Numio Authenticator background process is rather sophisticated. Not only that, but it is pretty groundbreaking, so it would be rather silly for us to give away the secret sauce.

So to explain how it works we have put together the most simple description possible, using a cryptocurrency exchange as an example…

  1. Authentication starts as soon as you request access to an exchange. The website requests an access code from Numio and then displays it as a QR code.
  2. You open up the Numio app and scan the QR code.
  3. Then you are shown the relevant information on the app and are asked “do you want to share your information with ‘ExchangeName’ so that you can login? — confirm this with fingerprint/face-id or PIN”.
  4. If you give permission to share your data with the exchange, then this information is encrypted, in-app, with public/private key cryptography into a neat little package.
  5. Your app sends the package to the exchange, who then forwards it to the account holders registered Numio ID.
  6. At this point your app will process the encrypted return message and verify that it is an authentic login attempt.
  7. If the request is authentic the app sends a success response to the exchange and you are granted access. If it’s not, then the response of a failed attempt is communicated and you are denied access.

For the user this is all done instantly at the touch of a button. It couldn’t be easier.

Want to learn more?

If you are interested in integrating Numio tech into your platform, having a demo, or simply want a chat with our devs, then please contact us at [email protected] or via one of the following channels.