176
Making the systems and platforms used by everyday consumers more secure is proving to be quite a difficult task. Several platforms have implemented some form of two-factor authentication, ensuring that knowing somebody’s username and password is not sufficient to gain access. But when all of these platforms and systems start to make their own proprietary two-factor authentication apps for mobile, things seem to get out of hand.
Also read: Bitcoin and the Sharing Economy Go Hand-in-Hand
Relying on Standard Two-Factor Authentication Providers
With mobile software threats on the rise and malware being able to log all types of conversations and data from infected devices, SMS verification may very well be one of the worst solutions available to date. Malware on mobile devices can “hide” itself in the background, collecting data while the use thinks the SMS simply didn’t come through.
Or, in the worst case scenario, someone remotely accessed the mobile device to read an SMS code as they requested access to this platform by using the consumer’s credentials. Erasing all tracks of this SMS being sent isn’t impossible either, once somebody is remotely connected to a malware-infected device.
Google Authenticator does not directly suffer from malware on mobile devices, yet it is not free of potential security risks. Commonly-used security solutions become major targets for hackers who would like nothing more than to find a bug or backdoor in Google Authenticator. Even though this has not happened just yet, it is not unthinkable for it to happen in the future.
With all of the above being said, more companies are starting to develop and roll out their own proprietary two-factor authentication solutions. For example, local governments can issue “citizen tokens,” a list of randomly generated codes that one needs to be entered every time you log in on a government-run platform.
In The Netherlands, another proprietary two-factor authentication app has been announced, with the sole purpose of making government-related platforms more secure. This application — called the App — will be available in the second half of 2016, and acts in similar fashion to Google Authenticator. Random two-factor authentication codes will be generated within the application itself, and will replace the SMS verification option for those who prefer to do so. Doing so seems to serve a second purpose as well, as the Dutch government acknowledges SMS two-factor authentication is a costly measure.
As of press time, the only alternative for Dutch residents is to use SMS verification, yet not every citizen is keen on giving their mobile phone numbers to the government.
Decentralized Two-Factor Authentication a Solution?
Such a decentralized solution would work in the form of issuing a digital token over the Bitcoin blockchain, which contains personal information of the consumer. Upon providing this token, by using it to digitally sign the login process for example, the user is then authenticated to access the platform. Because every token would only be deemed valid through its private key, which is owned by the user, no one else can access the platform through their credentials.
Companies such as are working on a project that lets users sign up to any service using their unique Bitcoin wallet addresses and private keys. Such a platform could easily be adapted to serve as a two-factor authentication protocol on top of the Bitcoin blockchain. Overall, the process would still be very user-friendly, offer more security and privacy, and be more cost-effective.
What are your thoughts on two-factor authentication in general? Do you think there will be more of these proprietary apps in the future? Let us know in the comments below!
Source: Tweakers (Dutch)
Images courtesy of DigiD, Shutterstock
Jean-Pierre Buntinx
Jean-Pierre Buntinx is a freelance Bitcoin writer and Bitcoin journalist for various digital currency news outlets around the world, Jean-Pierre also has a keen interest in Fintech and technology, and he is always open to new challenges.
