In a recent post on its company blog, passive authentication specialist TypingDNA touts the benefits of multi-factor authentication (MFA), while also providing advice on how developers can add MFA to their apps.
Titled “Adding multi-factor authentication to your app, the easy way”, and written by guest contributor Alex Lakatos of UK-based FinTech firm Fidel, the post outlines five different types of ‘factors’ that can be requested upon login. These types are: knowledge (a password), location (most commonly based on geolocation or IP address), possession (a token), proximity (using a ‘trusted device’ like a wearable to unlock a laptop), and biometric (fingerprint, face etc.).
“Multi-factor implies more than one factor is used, so technically 2FA [two-factor authentication] is the minimum number of factors to be used for MFA,” writes Lakatos. “Depending on your application’s security level, you can choose to increase the number of factors used to authenticate your users.”
Lakatos notes that an emerging trend in application security called risk-based authentication (RBA) uses multiple factors but spreads them out depending on what the user is actually doing. For example, posting to a social media account would require one factor of authentication, while accessing account information would require another.
Even before the rise of remote work brought on by the COVID-19 pandemic placed a greater emphasis on digital security, biometrics emerged as an important authentication factor due to the security benefits they can provide over the traditional PIN/password setup. 2020 marked the emergence of facial recognition as the latest biometric modality to experience a massive boost in popularity, for both positive and negative reasons. However, the biometrics industry as a whole has been seeing remarkable growth.
“Cue TypingDNA,” Lakatos writes. “That’s right, there is an API that fingerprints people by the way they type. That makes biometric authentication accessible without a physical sensor — and just as secure as a fingerprint.”
Lakatos goes on to explain that the TypingDNA API provides the ability to authenticate users based on the way they type, whether on a physical keyboard or a mobile device, and does so without the need for any hardware.
He also notes that it’s a form of passive authentication that layers on top of traditional password logins, making the MFA experience seamless and frictionless for users.
“You’re checking two factors in the same step instead of traditional MFA, where each factor requires an extra step,” he writes.
As for the implementation of the TypingDNA API, Lakatos explains the process, noting that it is a three-part system that consists of a recorder that monitors the way users type, the business’s own back-end server app where the biometric data is sent, and TypingDNA’s REST API, where the collected biometric data is checked against the saved data for authentication.
January 22, 2021 – by Tony Bitzionis