Digital Identity Challenge: The Security and Convenience Dilemma
Resumo
This paper argues that the essential pieces of an enduring digital identity should be privacy, security, and convenience. Authentication should be frictionless. In this sense, the core of the digital identity of the future will be created around location sensing techniques. Incognia proposes a solution to secure and frictionless authentication for mobile apps that is composed of five steps. Its proprietary technology called environment fingerprinting can identify location spoofing and precisely determine the devices actual location. Incognia has found that most mobile logins, sensitive transactions, and purchases occur at trusted locations. To date, 90% of mobile logins and 89% of mobile banking sessions happen at a trusted location. Experimental results show false-negative rates below 0.004% and a decrease of over 85% of account takeover attacks.
Palavras-chave:
Privacy, Security, Frictionless Authentication, Location, Mobile
Referências
Das, A., Bonneau, J., Caesar, M., Borisov, N., and Wang, X. (2014). The tangled web of password reuse. In NDSS, volume 14, pages 23–26.
Dey, A. K. (2001). Understanding and using context. Personal and ubiquitous computing, 5(1):4–7.
Morris, R. and Thompson, K. (1979). Password security: A case history. Communications of the ACM, 22(11):594–597.
Naor, M., Rotem, L., and Segev, G. (2020). The security of lazy users in out-of-band authentication. ACM Trans. Priv. Secur., 23(2).
Ometov, A., Bezzateev, S., Ma ̈kitalo, N., Andreev, S., Mikkonen, T., and Koucheryavy, Y. (2018). Multi-factor authentication: A survey. Cryptography, 2(1).
Raza, M., Iqbal, M., Sharif, M., and Haider, W. (2012). A survey of password attacks and comparative analysis on methods for secure authentication. World Applied Sciences Journal, 19(4):439–444.
Rees-Pullman, S. (2020). Is credential stuffing the new phishing? Computer Fraud & Security, 2020(7):16–19.
Dey, A. K. (2001). Understanding and using context. Personal and ubiquitous computing, 5(1):4–7.
Morris, R. and Thompson, K. (1979). Password security: A case history. Communications of the ACM, 22(11):594–597.
Naor, M., Rotem, L., and Segev, G. (2020). The security of lazy users in out-of-band authentication. ACM Trans. Priv. Secur., 23(2).
Ometov, A., Bezzateev, S., Ma ̈kitalo, N., Andreev, S., Mikkonen, T., and Koucheryavy, Y. (2018). Multi-factor authentication: A survey. Cryptography, 2(1).
Raza, M., Iqbal, M., Sharif, M., and Haider, W. (2012). A survey of password attacks and comparative analysis on methods for secure authentication. World Applied Sciences Journal, 19(4):439–444.
Rees-Pullman, S. (2020). Is credential stuffing the new phishing? Computer Fraud & Security, 2020(7):16–19.
Publicado
18/07/2021
Como Citar
FERRAZ, André; FERRAZ, Carlos.
Digital Identity Challenge: The Security and Convenience Dilemma. In: SEMINÁRIO INTEGRADO DE SOFTWARE E HARDWARE (SEMISH), 48. , 2021, Evento Online.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2021
.
p. 251-256.
ISSN 2595-6205.
DOI: https://doi.org/10.5753/semish.2021.15829.
