Welcome to this new edition of Digital Blitz, your 2-minute brief on everything UX, Tech and Compliance.
As you know, passwords can easily be compromised, so we need to find better ways of securing information. And now that most of our lives are online, with the risk of identity theft, the rise of data privacy, or hacking of corporate information, every single website and application should have multi-factor authentication.
MFA (or 2FA) is the process of adding another layer of verification, on top of the usual username and password. It started with your corporate VPN and online banking, big tech, and now more and more of the tools that we all use online have that option.
The way to combine those different factors into something very secure is to use a combination of them.
- It needs to be something that "you know" like a password, pin or security questions.
- It combines that with something that "you have" like a phone or an app that generates a code or send a one-time password by SMS or voice.
- You can add something that "you are", that's where we get into biometrics, which has fingerprint or the iris of your eyes - like, you know what's in Mission Impossible.
- Sometimes we combine that as well with the fourth factor, which is not something, but somewhere, somewhere you are. We can basically authorise access from inside your office, using your IP address. That can be a challenge if you need to work abroad or access from a mobile network.
For all the web applications that we develop, we apply a combination of password rules, multi-factor authentication and IP restrictions. It ensures all remains secure and compliant with the new data privacy laws, the payment system directives...
It's been validated by the most stringent InfoSec officers from all our corporate and government clients, so we feel it is one of the safest solutions.
To conclude, make sure all your systems are secure and enable MFA everywhere.
Until next time, stay safe and see you soon.